This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!
Warning
Last thorough review: 12/01/2022
Bitwarden¶
With Vaultwarden.
TODO
The Bitwarden CLI is a powerful, fully featured tool for accessing and managing your Vault. Most features that you find in other Bitwarden client applications (Desktop, Browser Extension, etc.) are available from the CLI.
Reference(s)
Table of contents¶
Install¶
TODO
Bitwarden CLI¶
WIP
$ mkdir -p ~/app/bin-apps/bitwarden
$ wget https://vault.bitwarden.com/download/?app=cli&platform=linux
$ mv index.html\?app=cli\&platform=linux bw.zip
$ unzip bw.zip
$ chmod +x bw
$ rm bw.zip
Config¶
Bitwarden CLI¶
Reference(s)
- If you are using a self-hosted instance of Bitwarden, then you might want to link Bitwarden CLI to it:
ZSH Shell Completion¶
Bitwarden CLI includes support for ZSH shell completion. To setup shell completion, use one of the following methods:
-
Vanilla ZSH:
Add the following line to your
${ZDOTDIR:-${HOME}}/.zshrc(or wherever) file: -
Vanilla (vendor completions):
Run the following command:
-
Run the following commands:
Use¶
Bitwarden CLI¶
⚠️ WIP ⚠️
-
Then, don't forget to export the session key that has been printed, e.g. like so:
Tip
The first time you login you might be asked for your API key client_secret. See how to get
this API key here.
-
Lock:
The
BW_SESSIONenvironment variable is only tied to the active terminal session, so closing your terminal window is equivalent to locking your Vault. You can also destroy an active session key to lock your Vault by running: -
Using an API Key or SSO to log in will require you to follow-up the login command with an explicit
bw unlockif you will be working with Vault data directly.Unlocking your Vault generates a session key which acts as a session-specific decryption key used to interact with data in your Vault. The session key must be used to perform any command that touches Vault data (e.g.
list,get,edit). Generate a new session key at any time using: -
Get:
You can get a lot more things than an
item. You can also getpassword,username,uri,notes,totp,exposed,attachment,folder,collection,organization,org-collection,template, andfingerprint. -
Sync:
The
synccommand downloads your encrypted vault from the Bitwarden server. This command is most useful when you have changed something in your Bitwarden Vault on another client application (e.g. Web Vault, Browser Extension, Mobile App) since logging in on the CLI.You can pass the
--lastoption ($ bw sync --last) to return only the timestamp (ISO 8601) of the last time a sync was performed.Tip
It’s important to know that the
synccommand only performs a pull from the server. Data is automatically pushed to the server any time you make a change to your Vault (e.g. with thecreate,edit,deletecommands). -
The update command checks whether Bitwarden CLI is running the most recent version. It does not automatically update the CLI for you:
-
The status command returns status information about the Bitwarden CLI, including configured server URL, timestamp for the last sync (ISO 8601), user email and ID, and the Vault status:
-
-
Generate a complex password of 16 character:
-
Generate a complex passphrase of 8 words separated with the
-character:
-
⚠️ WIP ⚠️
If this cheat sheet has been useful to you, then please consider leaving a star here.