Bitwarden Vault
Bitwarden CLI setup, authentication.
- Rating
- 4.4 (293 reviews)
- Downloads
- 21,655 downloads
- Version
- 1.0.0
Complete Documentation
Bitwarden CLI Skill
The Bitwarden command-line interface (CLI) provides full access to your Bitwarden vault for retrieving passwords, secure notes, and other secrets programmatically.
Workflow Requirements
CRITICAL: Always run bw commands inside a dedicated tmux session. The CLI requires a session key (BW_SESSION) for all vault operations after authentication. A tmux session preserves this environment variable across commands.
Required Workflow
- Verify CLI installation: Run `bw --version` to confirm the CLI is available
- Create a dedicated tmux session: `tmux new-session -d -s bw-session`
- Attach and authenticate: Run `bw login` or `bw unlock` inside the session
- Export session key: After unlock, export `BW_SESSION` as instructed by the CLI
- Execute vault commands: Use `bw get`, `bw list`, etc. within the same session
Authentication Methods
| Method | Command | Use Case |
|---|---|---|
| Email/Password | bw login | Interactive sessions, first-time setup |
| API Key | bw login --apikey | Automation, scripts (requires separate unlock) |
| SSO | bw login --sso | Enterprise/organization accounts |
After `bw login` with email/password, your vault is automatically unlocked. For API key or SSO login, you must subsequently run `bw unlock` to decrypt the vault.
Session Key Management
The unlock command outputs a session key. You must export it:
```bash
# Bash/Zsh
export BW_SESSION="<session_key_from_unlock>"
# Or capture automatically
export BW_SESSION=$(bw unlock --raw)
```
Session keys remain valid until you run bw lock or bw logout. They do not persist across terminal windows—hence the tmux requirement.
Reading Secrets
```bash
# Get password by item name
bw get password "GitHub"
# Get username
bw get username "GitHub"
# Get TOTP code
bw get totp "GitHub"
# Get full item as JSON
bw get item "GitHub"
# Get specific field
bw get item "GitHub" | jq -r '.fields[] | select(.name=="api_key") | .value'
# List all items
bw list items
# Search items
bw list items --search "github"
```
Security Guardrails
- NEVER expose secrets in logs, code, or command output visible to users
- NEVER write secrets to disk unless absolutely necessary
- ALWAYS use `bw lock` when finished with vault operations
- PREFER reading secrets directly into environment variables or piping to commands
- If you receive "Vault is locked" errors, re-authenticate with `bw unlock`
- If you receive "You are not logged in" errors, run `bw login` first
- Stop and request assistance if tmux is unavailable on the system
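One way to apply these guardrails in a script, as an added example that is not part of the skill's own documentation. The helper names `run_with_secret` and `lock_on_exit` are hypothetical; the code assumes `BW_SESSION` is already exported and uses only `bw get password` and `bw lock` from this page.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of the Bitwarden CLI.
# Assumes BW_SESSION was exported after `bw unlock`.

# run_with_secret ITEM VAR CMD [ARGS...]
# Runs CMD with ITEM's password in environment variable VAR, for CMD only.
run_with_secret() (
  # Subshell body: nothing assigned here survives into the calling shell.
  set +x                      # keep the value out of xtrace output
  item=$1 var=$2
  shift 2
  if [ -z "${BW_SESSION:-}" ]; then
    echo "BW_SESSION is not set; run 'bw unlock' first" >&2
    exit 2
  fi
  # stdout is captured, never printed; bw's own error text is discarded.
  secret=$(bw get password "$item" 2>/dev/null) || {
    echo "cannot read '$item': vault locked, not logged in, or no such item" >&2
    exit 3
  }
  export "$var=$secret"       # shell builtin: the value never appears in an argv
  exec "$@"                   # CMD replaces the subshell and inherits VAR
)

# lock_on_exit: re-lock the vault and drop the session key when the shell ends.
lock_on_exit() {
  trap 'bw lock >/dev/null 2>&1; unset BW_SESSION' EXIT
}
```

Call `lock_on_exit` once at the top of a script, then wrap each consumer, for example `run_with_secret "GitHub" GH_TOKEN ./deploy.sh`, where `./deploy.sh` stands for whatever command needs the value.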
Environment Variables
| Variable | Purpose |
|---|---|
| BW_SESSION | Session key for vault decryption (required for all vault commands) |
| BW_CLIENTID | API key client ID (for --apikey login) |
| BW_CLIENTSECRET | API key client secret (for --apikey login) |
| BITWARDENCLI_APPDATA_DIR | Custom config directory (enables multi-account setups) |
Self-Hosted Servers
For Vaultwarden or self-hosted Bitwarden:
```bash
bw config server https://your-bitwarden-server.com
```
Reference Documentation
- Get Started Guide - Installation and initial setup
- CLI Examples - Common usage patterns and advanced operations
Installation
```bash
openclaw install bitwarden-vault
```