Add support for Bitwarden password manager CLI (bw) with: - Email/password, API key, and SSO authentication - tmux session workflow for secure session key management - Comprehensive reference documentation - Support for self-hosted Bitwarden/Vaultwarden servers - Multiple installation methods (npm, brew, choco) Tested end-to-end on ClawdBot VM: - Skill loads as clawdbot-managed with correct metadata - bw CLI installs and authenticates successfully - Vault operations (list, get username/password) work as documented - Session key management via BW_SESSION verified Mirrors the existing 1password skill pattern for consistency. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3.0 KiB
Bitwarden CLI: Getting Started
System Requirements
The Bitwarden CLI runs on:
- macOS: x64 and ARM64
- Windows: x64
- Linux: x64 (glibc-based distributions)
For npm installation, Node.js 16+ is required.
Installation Methods
NPM (Recommended - Cross-Platform)
npm install -g @bitwarden/cli
This method provides automatic updates via npm update -g @bitwarden/cli.
Homebrew (macOS/Linux)
brew install bitwarden-cli
Chocolatey (Windows)
choco install bitwarden-cli
Snap (Linux)
sudo snap install bw
Native Executables
Download pre-built binaries from https://bitwarden.com/download/
For Linux/macOS, grant execute permissions:
chmod +x bw
sudo mv bw /usr/local/bin/
Verify Installation
bw --version
Expected output: Version number like 2024.12.0
Initial Configuration
Connect to Bitwarden Server
For standard Bitwarden cloud (default):
# No configuration needed - uses https://vault.bitwarden.com by default
For self-hosted Bitwarden or Vaultwarden:
bw config server https://your-server.example.com
Verify server configuration:
bw config server
First-Time Login
Interactive login (recommended for first setup):
bw login
You'll be prompted for:
- Email address
- Master password
- Two-step verification code (if enabled)
Login with API key (for automation):
First, obtain your API key from the Bitwarden web vault:
- Go to Settings > Security > Keys
- View API Key
- Note your
client_idandclient_secret
# Set environment variables
export BW_CLIENTID="user.xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export BW_CLIENTSECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Login
bw login --apikey
# Unlock vault (required after API key login)
export BW_SESSION=$(bw unlock --raw)
Session Management with tmux
The CLI requires a session key for vault operations. Use tmux to preserve sessions:
# Create a dedicated session
tmux new-session -d -s bitwarden
# Attach to session
tmux attach -t bitwarden
# Inside tmux: login and export session
bw login
export BW_SESSION=$(bw unlock --raw)
# Now run your commands
bw list items
# When finished
bw lock
# Detach from tmux (Ctrl+B, then D)
Verify Access
After login and unlock:
# Check authentication status
bw status
# List vaults (should show your email)
bw list organizations
# Sync vault data
bw sync
Troubleshooting
"You are not logged in"
Run bw login to authenticate.
"Vault is locked"
Run bw unlock and export the session key:
export BW_SESSION=$(bw unlock --raw)
"Session key is invalid"
The session has expired. Re-unlock:
bw lock
export BW_SESSION=$(bw unlock --raw)
Command hangs or times out
Check network connectivity to Bitwarden server:
curl -I https://vault.bitwarden.com
For self-hosted servers, verify the server URL:
bw config server