Duplicate ID error when a bitwarden credential is in multiple collections #100

Open
girlpunk opened this issue Dec 19, 2023 · 6 comments

Comments

@girlpunk

When using the Bitwarden PowerShell dynamic folder script, if a credential is added to multiple collections the entire dynamic folder fails to load with the error "Duplicate ID found". Inspecting the JSON returned from the script confirms that a credential object with the same ID exists in both folders.

@StefanKoell
Member

That's indeed problematic. This is more like a general issue with dynamic folders, which generate deterministic IDs based on the original object ID. On one hand, we need to make sure that the IDs always end up the same, so that credential references will work; on the other hand, having two objects with the same ID is not allowed.

Short term, we can't really fix that in the script. So having multiple dynamic folders which potentially generate multiple objects with the same ID must be avoided.

Whether we can provide a long-term solution to this issue must be discussed internally. One idea would be to just not generate and skip objects which have the same ID as an existing object.

@StefanKoell
Member

Just talked to my colleagues and I think I misunderstood the problem. I was under the impression that multiple dynamic folders are creating objects with already existing IDs. The case you are describing needs to be handled in the script. The general idea is to keep track of all the IDs already created and if an ID shows up again, either provide a new one or skip the object entirely. Would be best if someone with a Bitwarden environment can submit a PR for this.

@girlpunk
Author

To clarify, I have a single credential in Bitwarden set to be included in multiple collections, like so:

image

This generates two credentials in the JSON output, one in each of the collection folders, both with the same ID.

I was able to work around this issue by changing line 55 of the script to include both the item and the collection ID, like so:

$row.ID = $item.id + $collectionId

However, obviously this means credentials in RoyalTS no longer share the GUID with those in Bitwarden, which should be viewed as a breaking change. Is this acceptable for a PR?

@StefanKoell
Member

This "workaround" would change every ID from every object - which would be a breaking change, correct. It would be better to track all the IDs in the script and apply the workaround only for the objects which would end up as a duplicate.

@GrinGrin

Hi,
I was working on the script for something else and saw this opened issue.

When writing the script, I didn't test all possible cases, like an organization credential linked to multiple collections, as it was for a PoC at the time 😖
Now that we deployed an on-premise Bitwarden instance for production use, I had more real situations to address.

There are multiple ways to correct this duplicate ID issue, but:

  • If you link credentials by ID on your connections, you need to have the same ID each time the dynamic folder is reloaded; generating a new GUID on load is not a good option
  • If you link credentials by Name on your connections, multiple entries with the same name can prevent automatic login and cause a credential picker popup each time, which can be counterproductive
  • Only adding one instance of each credential can be a solution, but it's weird as this will not reflect what you can see on the Bitwarden side (desktop app/web application/browser extension)

A workaround for credentials shared from personal vault to an organization's collection was already implemented in the initial release, as this situation also leads to a duplicate ID.
Currently, the credential is simply ignored when loading the collection it is linked to; it only appears in your personal vault.

What do you think would be the better way to correct this?

Best Regards,
Nicolas.

@StefanKoell
Member

I would suggest to handle it in the script and keep track of those duplicates. I can imagine that the way this is handled may be different depending on the use case/preference. When handled in the script, one could easily change the behavior.
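
The approach suggested in the thread (track the IDs already emitted and rename or skip only the duplicates), as an added example that is not part of the original issue or the project's script. `Resolve-DuplicateId`, its `-OnDuplicate` switch values, the property names and the sample entries are assumptions made for illustration.

```powershell
# Hypothetical helper (not the project's code): gives every item/collection
# pair an ID that is unique within the folder and identical on every reload.
function Resolve-DuplicateId {
    param(
        [Parameter(Mandatory)] [object[]] $Entries,
        [ValidateSet('Suffix', 'Skip')] [string] $OnDuplicate = 'Suffix'
    )

    # IDs already emitted during this run of the script.
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)

    # Sort first: which collection keeps the original Bitwarden ID must not
    # depend on the order the data arrives in, or IDs would change on reload.
    foreach ($entry in ($Entries | Sort-Object ItemId, CollectionId)) {
        $id = $entry.ItemId

        if (-not $seen.Add($id)) {
            # Same credential seen again in another collection.
            if ($OnDuplicate -eq 'Skip') { continue }

            # The workaround from the thread, applied to duplicates only.
            $id = $entry.ItemId + $entry.CollectionId
            if (-not $seen.Add($id)) { continue }   # same pair listed twice
        }

        [pscustomobject]@{
            ID         = $id
            Name       = $entry.Name
            Collection = $entry.CollectionId
        }
    }
}

# Constructed sample: one credential in two collections, one in a single one.
$sample = @(
    [pscustomobject]@{ ItemId = 'aaaa-1111'; CollectionId = 'col-b'; Name = 'db-admin' }
    [pscustomobject]@{ ItemId = 'aaaa-1111'; CollectionId = 'col-a'; Name = 'db-admin' }
    [pscustomobject]@{ ItemId = 'bbbb-2222'; CollectionId = 'col-a'; Name = 'web-deploy' }
)

Resolve-DuplicateId -Entries $sample | ConvertTo-Json
```

With the sample data, the `col-a` copy of `db-admin` keeps the ID `aaaa-1111` and only the `col-b` copy receives the combined ID, so existing references by ID to single-collection credentials are unchanged.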
