Bitwarden Vault CLI

Set up and use Bitwarden CLI (bw). Use when installing the CLI, authenticating (login/unlock), or reading secrets from your vault. Supports email/password, API key, and SSO authentication methods.

安装
$clawhub install bitwarden-vault

Bitwarden CLI Skill

The Bitwarden command-line interface (CLI) provides full access to your Bitwarden vault for retrieving passwords, secure notes, and other secrets programmatically.

Workflow Requirements

CRITICAL: Always run bw commands inside a dedicated tmux session. The CLI requires a session key (BW_SESSION) for all vault operations after authentication. A tmux session preserves this environment variable across commands.

Required Workflow

  1. Verify CLI installation: Run bw --version to confirm the CLI is available

  2. Create a dedicated tmux session: tmux new-session -d -s bw-session

  3. Attach and authenticate: Run bw login or bw unlock inside the session

  4. Export session key: After unlock, export BW_SESSION as instructed by the CLI

  5. Execute vault commands: Use bw get, bw list, etc. within the same session

Authentication Methods

Method Command Use Case
Email/Password bw login Interactive sessions, first-time setup
API Key bw login --apikey Automation, scripts (requires separate unlock)
SSO bw login --sso Enterprise/organization accounts

After bw login with email/password, your vault is automatically unlocked. For API key or SSO login, you must subsequently run bw unlock to decrypt the vault.

Session Key Management

The unlock command outputs a session key. You must export it:


# Bash/Zsh
export BW_SESSION="<session_key_from_unlock>"

# Or capture automatically
export BW_SESSION=$(bw unlock --raw)

Session keys remain valid until you run bw lock or bw logout. They do not persist across terminal windows—hence the tmux requirement.

Reading Secrets


# Get password by item name
bw get password "GitHub"

# Get username
bw get username "GitHub"

# Get TOTP code
bw get totp "GitHub"

# Get full item as JSON
bw get item "GitHub"

# Get specific field
bw get item "GitHub" | jq -r '.fields[] | select(.name=="api_key") | .value'

# List all items
bw list items

# Search items
bw list items --search "github"

Security Guardrails

  • NEVER expose secrets in logs, code, or command output visible to users

  • NEVER write secrets to disk unless absolutely necessary

  • ALWAYS use bw lock when finished with vault operations

  • PREFER reading secrets directly into environment variables or piping to commands

  • If you receive "Vault is locked" errors, re-authenticate with bw unlock

  • If you receive "You are not logged in" errors, run bw login first

  • Stop and request assistance if tmux is unavailable on the system

Environment Variables

Variable Purpose
BW_SESSION Session key for vault decryption (required for all vault commands)
BW_CLIENTID API key client ID (for --apikey login)
BW_CLIENTSECRET API key client secret (for --apikey login)
BITWARDENCLI_APPDATA_DIR Custom config directory (enables multi-account setups)

Self-Hosted Servers

For Vaultwarden or self-hosted Bitwarden:

bw config server https://your-bitwarden-server.com

Reference Documentation

  • Get Started Guide - Installation and initial setup

  • CLI Examples - Common usage patterns and advanced operations

详情

版本
v1.0.0
下载
2,029
星标
3
ClawHub
在 ClawHub 查看

热门 Skills

Mailchimp
Mailchimp Marketing API integration with managed OAuth. Access audiences, campaigns, templates, automations, reports, and manage subscribers. Use this skill when users want to manage email marketing, subscriber lists, or automate email campaigns. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Xero
Xero API integration with managed OAuth. Manage contacts, invoices, payments, accounts, and run financial reports. Use this skill when users want to interact with Xero accounting data. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Todoist
Manage tasks and projects in Todoist. Use when user asks about tasks, to-dos, reminders, or productivity.