Bitwarden CLI
Manage credentials in Bitwarden vault. Follow the official CLI docs — don't guess commands.
Workflow
- Verify CLI present:
bw --version. - Check vault status:
bw status. - If locked, tell the user to run
bw unlockand setBW_SESSION. - Verify access:
bw statusmust showunlockedbefore any vault operation. - After creating or editing items, run
bw sync.
Lookup
bw list items --search "query"
bw get item "name"
bw get password "name"
bw get username "name"
bw get totp "name"
bw list items --folderid <folder-id>
bw list folders
Create
# Login item (type 1=Login, 2=Secure Note, 3=Card, 4=Identity)
echo '{"type":1,"name":"Example","login":{"username":"user@example.com","password":"s3cret","uris":[{"uri":"https://example.com"}]}}' | bw encode | bw create item
# Folder
bw create folder "$(echo '{"name":"Work"}' | bw encode)"
Edit
bw get item <id> | jq '.login.password = "newpass"' | bw encode | bw edit item <id>
bw get item <id> | jq '.folderId = "<folder-id>"' | bw encode | bw edit item <id>
Generate
bw generate -ulns --length 24
bw generate --passphrase --words 4 --separator "-"
Guardrails
- Never paste secrets into logs, chat, or code.
- Prefer showing username and site — only reveal passwords if explicitly requested.
- Always generate a strong password with
bw generateunless the user provides one. - If a command returns "Vault is locked", stop and ask the user to unlock.