How I write posts on prose.sh - Part 2

· cuhadar.log

How I set up my terminal to use Bitwarden's SSH Agent

What is an SSH Agent? Bitwarden?

I have used Bitwarden for my password management for almost the last 10 years, and luckily I made the switch from LastPass before they got pwned. An SSH Agent is an application that stores your SSH keys in one encrypted place. This can be anything like Pageant or 1Password. I prefer Bitwarden because I'm already a paid customer and I like to put all my eggs in one basket /s. Anyway, prose.sh is a service of pico.sh, and you'll need your SSH key to create an account on pico.sh with ssh pico.sh and to upload posts with scp new-blog-post.md prose.sh:/.

Setting up Bitwarden SSH Agent for SSH and Git operations on Windows

Bitwarden SSH Agent is fairly new: the feature was released in 2025, and the documentation lacks some clarity, which borks git and WSL2 workflows. BTW, by setting up the SSH agent you automatically set up scp and rsync to use Bitwarden too.

First of all, configuring the SSH Agent is pretty straightforward and there's no need to rewrite it here. Run ssh-add -L in your terminal to confirm everything is running. The Bitwarden Desktop app will pop up asking for authorization. From this point you can use it for SSH operations with pico.sh and prose.sh in your PowerShell terminal.

What did not work for me?

What did not work out of the box was cryptographically signing my changes and running git push to send my initprose.ps1 script to GitHub, which I wrote about in Part 1. I assume you have already added both your Authorization Key and Signing Key to GitHub and followed the "authenticate with git repositories" part. In summary, you need to add this to your .gitconfig:

[user]
	name = GithubUsername
	email = Github@example.com
	signingkey = ssh-ed25519 <Your_Public_Key>
[gpg]
	format = ssh
[commit]
	gpgsign = true
[core]
	sshCommand = C:/Windows/System32/OpenSSH/ssh.exe
[init]
	defaultBranch = main
[gpg "ssh"]
	allowedSignersFile = C:\\Users\\<<CHANGE_HERE_TO_YOUR_USERNAME>>\\.ssh\\allowedSigners
	program = C:/Windows/System32/OpenSSH/ssh-keygen.exe

You'll also need to create the allowedSigners file and add the following text to it:

GithubUsername ssh-ed25519 <Your_Public_Key>

Now you can finally sign your commits with git commit -S -m "Changes" before pushing to GitHub.

⚠️ Don't forget to restart your PowerShell terminal and the Bitwarden Desktop application after you've made the changes ⚠️

Bonus:

Also, if you want to use the Bitwarden SSH Agent from WSL2, you'll need to make a few configuration changes to your Windows and WSL2 distro. I found this helpful blog post and I'll summarize it here. I use the Ubuntu image, and here's the configuration on the Windows part:

Run ssh-add -L to confirm the terminal is able to talk with Bitwarden. You'll see your SSH key listed. Then install npiperelay with your favourite package manager. I used choco install npiperelay.

Here's the configuration for Ubuntu part:

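Install socat by running sudo apt install socat, then create a scripts folder in your home directory to hold the agent-bridge.sh file. Copy/paste the following into ~/scripts/agent-bridge.sh:

# Socket that SSH clients inside WSL2 will use to reach the agent
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
# Start the relay only if nothing is listening on the socket yet
if ! ss -a | grep -q "$SSH_AUTH_SOCK"; then
    # Remove a stale socket file left over from a previous session
    rm -f "$SSH_AUTH_SOCK"
    # Relay the socket to the Windows named pipe openssh-ssh-agent through npiperelay
    ( setsid socat UNIX-LISTEN:"$SSH_AUTH_SOCK",fork EXEC:"/mnt/c/ProgramData/chocolatey/lib/npiperelay/tools/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork & ) >/dev/null 2>&1
fi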

And make the script executable:

chmod +x ~/scripts/agent-bridge.sh

Run the following command to append the script to your ~/.bashrc:

echo -e "\nsource ~/scripts/agent-bridge.sh" >> ~/.bashrc

⚠️ Now restart your Ubuntu terminal and your Bitwarden Desktop client and all should be working. As a last note, those who use apps that only support Pageant can look into WinSSH-Pageant Bridge.
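A preflight check for the signing setup above, added here as an example and not taken from the original post: signing only works when the same public key appears in user.signingkey, in the agent's ssh-add -L listing, and in the allowedSigners file, so this compares the three. The function names and the --live flag are this example's own, and the live mode assumes you run it inside WSL2 with the bridge active and the same signing settings in the WSL-side Git config.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the --live
# flag are this example's own; key material in any test data is constructed.

# blobs: read key lines on stdin (ssh-add -L output, an allowedSigners file,
# or a user.signingkey value) and print "<keytype> <base64>" for each one,
# dropping principals, options, a "key::" prefix and trailing comments.
blobs() {
    awk '/^[ \t]*#/ { next }
    { for (i = 1; i < NF; i++) {
          f = $i; sub(/^key::/, "", f)
          if (f ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print f, $(i + 1); break }
      } }'
}

# check_signing SIGNINGKEY AGENT_LISTING ALLOWED_SIGNERS_FILE
# Returns 0 if consistent, 1 if the agent does not offer the key,
# 2 if allowedSigners lacks it, 3 if SIGNINGKEY is not a literal public key.
check_signing() {
    want=$(printf '%s\n' "$1" | blobs)
    [ -n "$want" ] || { echo "user.signingkey is not a literal public key"; return 3; }
    printf '%s\n' "$2" | blobs | grep -qxF -- "$want" ||
        { echo "signing key is not offered by the agent"; return 1; }
    blobs < "$3" | grep -qxF -- "$want" ||
        { echo "signing key is missing from allowedSigners"; return 2; }
    echo ok
}

# preflight: run the check against the live Git config and agent.
preflight() {
    check_signing "$(git config --get user.signingkey)" "$(ssh-add -L)" \
        "$(git config --type=path --get gpg.ssh.allowedSignersFile)"
}

if [ "${1:-}" = "--live" ]; then preflight; fi
```

Save it as a script and run it with --live; it prints ok when all three places agree, otherwise it names the place where the key is missing.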

In Part 3, I will write about how I host my images on Backblaze B2 Cloud Storage and use Cloudflare Workers to serve media assets on this blog.

Have a lovely day!
