bitwarden/bws is not verified by Apple and cannot run without special permissions

[saxelsen]

Steps To Reproduce

On MacOS 13.2.1:

1. Download the pre-built binary for Mac: bws-macos-universal-0.3.1.zip
2. Unpack it
3. Run the CLI tool in the terminal $: bws

Expected Result

After unpacking the executable I expect to be able to run it. Ideally instead of downloading it, it would be available through a package manager like Homebrew.

Actual Result

The MacOS system shows an alert saying "bws cannot be opened because the developer cannot be verified." and gives the option to either close the pop-up or move the executable to the Trash.

I think you need to notarize and sign the executable as part of your release pipeline. Not doing it is likely preventing a lot of your MacOS users from adopting your tools. There is a way to let the OS trust the app anyway, but it is hidden away in the settings.

Screenshots or Videos

No response

Additional Context

No response

Operating System

macOS

Operating System Version

13.2.1

Shell

Zsh

Build Version

0.3.1

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[Hinton]

Hi @saxelsen,

Code signing and notarizing is definitely something we want to do. I know it's on the teams backlog but I don't have any specific timeline.

I believe right clicking and selecting open in the context menu will prompt gatekeeper to allow the binary and avoid the trip to settings.

[drunknbass]

+1
Not being notarized makes setting this up on remote machines(CI/CD) more difficult.

[Hinton]

This was resolved in #535, and should be included in the next CLI release.