openclaw/skills/bitwarden/references/get-started.md
Will Mitchell 8501adfb9b feat(skills): add Bitwarden CLI skill
Add support for Bitwarden password manager CLI (bw) with:
- Email/password, API key, and SSO authentication
- tmux session workflow for secure session key management
- Comprehensive reference documentation
- Support for self-hosted Bitwarden/Vaultwarden servers
- Multiple installation methods (npm, brew, choco)

Tested end-to-end on ClawdBot VM:
- Skill loads as clawdbot-managed with correct metadata
- bw CLI installs and authenticates successfully
- Vault operations (list, get username/password) work as documented
- Session key management via BW_SESSION verified

Mirrors the existing 1password skill pattern for consistency.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-26 20:26:55 -05:00

3.0 KiB

Bitwarden CLI: Getting Started

System Requirements

The Bitwarden CLI runs on:

  • macOS: x64 and ARM64
  • Windows: x64
  • Linux: x64 (glibc-based distributions)

For npm installation, Node.js 16+ is required.

Installation Methods

npm install -g @bitwarden/cli

This method provides automatic updates via npm update -g @bitwarden/cli.

Homebrew (macOS/Linux)

brew install bitwarden-cli

Chocolatey (Windows)

choco install bitwarden-cli

Snap (Linux)

sudo snap install bw

Native Executables

Download pre-built binaries from https://bitwarden.com/download/

For Linux/macOS, grant execute permissions:

chmod +x bw
sudo mv bw /usr/local/bin/

Verify Installation

bw --version

Expected output: Version number like 2024.12.0

Initial Configuration

Connect to Bitwarden Server

For standard Bitwarden cloud (default):

# No configuration needed - uses https://vault.bitwarden.com by default

For self-hosted Bitwarden or Vaultwarden:

bw config server https://your-server.example.com

Verify server configuration:

bw config server

First-Time Login

Interactive login (recommended for first setup):

bw login

You'll be prompted for:

  1. Email address
  2. Master password
  3. Two-step verification code (if enabled)

Login with API key (for automation):

First, obtain your API key from the Bitwarden web vault:

  1. Go to Settings > Security > Keys
  2. View API Key
  3. Note your client_id and client_secret
# Set environment variables
export BW_CLIENTID="user.xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export BW_CLIENTSECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Login
bw login --apikey

# Unlock vault (required after API key login)
export BW_SESSION=$(bw unlock --raw)

Session Management with tmux

The CLI requires a session key for vault operations. Use tmux to preserve sessions:

# Create a dedicated session
tmux new-session -d -s bitwarden

# Attach to session
tmux attach -t bitwarden

# Inside tmux: login and export session
bw login
export BW_SESSION=$(bw unlock --raw)

# Now run your commands
bw list items

# When finished
bw lock

# Detach from tmux (Ctrl+B, then D)

Verify Access

After login and unlock:

# Check authentication status
bw status

# List vaults (should show your email)
bw list organizations

# Sync vault data
bw sync

Troubleshooting

"You are not logged in"

Run bw login to authenticate.

"Vault is locked"

Run bw unlock and export the session key:

export BW_SESSION=$(bw unlock --raw)

"Session key is invalid"

The session has expired. Re-unlock:

bw lock
export BW_SESSION=$(bw unlock --raw)

Command hangs or times out

Check network connectivity to Bitwarden server:

curl -I https://vault.bitwarden.com

For self-hosted servers, verify the server URL:

bw config server