bitwarden-vaultSet up and use Bitwarden CLI (bw). Use when installing the CLI, authenticating (login/unlock), or reading secrets from your vault. Supports email/password, API key, and SSO authentication methods.
Install via ClawdBot CLI:
clawdbot install StartupBros/bitwarden-vaultInstall Bitwarden CLI (npm):
Install Bitwarden CLI (npm)Install Bitwarden CLI (brew):
brew install bitwarden-cliInstall Bitwarden CLI (choco):
Install Bitwarden CLI (choco)Requires:
The Bitwarden command-line interface (CLI) provides full access to your Bitwarden vault for retrieving passwords, secure notes, and other secrets programmatically.
CRITICAL: Always run bw commands inside a dedicated tmux session. The CLI requires a session key (BW_SESSION) for all vault operations after authentication. A tmux session preserves this environment variable across commands.
bw --version to confirm the CLI is availabletmux new-session -d -s bw-sessionbw login or bw unlock inside the sessionBW_SESSION as instructed by the CLIbw get, bw list, etc. within the same session| Method | Command | Use Case |
|--------|---------|----------|
| Email/Password | bw login | Interactive sessions, first-time setup |
| API Key | bw login --apikey | Automation, scripts (requires separate unlock) |
| SSO | bw login --sso | Enterprise/organization accounts |
After bw login with email/password, your vault is automatically unlocked. For API key or SSO login, you must subsequently run bw unlock to decrypt the vault.
The unlock command outputs a session key. You must export it:
# Bash/Zsh
export BW_SESSION="<session_key_from_unlock>"
# Or capture automatically
export BW_SESSION=$(bw unlock --raw)Session keys remain valid until you run bw lock or bw logout. They do not persist across terminal windowsβhence the tmux requirement.
# Get password by item name
bw get password "GitHub"
# Get username
bw get username "GitHub"
# Get TOTP code
bw get totp "GitHub"
# Get full item as JSON
bw get item "GitHub"
# Get specific field
bw get item "GitHub" | jq -r '.fields[] | select(.name=="api_key") | .value'
# List all items
bw list items
# Search items
bw list items --search "github"bw lock when finished with vault operationsbw unlockbw login first| Variable | Purpose |
|----------|---------|
| BW_SESSION | Session key for vault decryption (required for all vault commands) |
| BW_CLIENTID | API key client ID (for --apikey login) |
| BW_CLIENTSECRET | API key client secret (for --apikey login) |
| BITWARDENCLI_APPDATA_DIR | Custom config directory (enables multi-account setups) |
For Vaultwarden or self-hosted Bitwarden:
bw config server https://your-bitwarden-server.comGenerated Mar 1, 2026
Automate retrieval of API keys and credentials for CI/CD pipelines. Use the Bitwarden CLI to fetch secrets securely during deployment, avoiding hardcoded values in scripts. Ideal for integrating with tools like Jenkins or GitHub Actions.
Audit password policies and access logs across an organization's vault. Use CLI commands to list items and export data for compliance reporting, ensuring adherence to security standards. Helps IT teams monitor and manage credential usage.
Securely manage access to patient data and system credentials in healthcare environments. Use the CLI to retrieve passwords for EHR systems and ensure HIPAA compliance by avoiding plaintext storage. Supports multi-account setups for different departments.
Handle payment gateway keys and API tokens for online stores. Use the CLI to dynamically fetch secrets during transaction processing, reducing risk of exposure. Enables secure automation in platforms like Shopify or custom web apps.
Share credentials among distributed teams without compromising security. Use the CLI with self-hosted servers to access shared vaults, ensuring only authorized members retrieve secrets. Facilitates secure collaboration in remote work settings.
Offer Bitwarden CLI integration as part of a premium security platform. Charge monthly fees for advanced features like automated secret rotation and audit logs. Targets enterprises needing scalable password management solutions.
Provide implementation and training services for organizations adopting Bitwarden CLI. Offer custom scripts, security audits, and workflow optimization. Generates revenue through project-based fees and ongoing support contracts.
Monetize by offering commercial support and enhanced tools for self-hosted Bitwarden instances. Provide patches, custom integrations, and priority assistance. Appeals to businesses using Vaultwarden or similar open-source variants.
π¬ Integration Tip
Always use tmux sessions to preserve BW_SESSION environment variables across commands, and avoid logging secrets by piping outputs directly into applications.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.