Skip to content

This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!


Warning

Last thorough review: 12/01/2022


Bitwarden

With Vaultwarden.

TODO

The Bitwarden CLI is a powerful, fully featured tool for accessing and managing your Vault. Most features that you find in other Bitwarden client applications (Desktop, Browser Extension, etc.) are available from the CLI.

Reference(s)

Table of contents


Install

TODO

Bitwarden CLI

WIP

$ mkdir -p ~/app/bin-apps/bitwarden
$ wget https://vault.bitwarden.com/download/?app=cli&platform=linux
$ mv index.html\?app=cli\&platform=linux bw.zip
$ unzip bw.zip
$ chmod +x bw
$ rm bw.zip

Config

Bitwarden CLI

Reference(s)
  • If you are using a self-hosted instance of Bitwarden, then you might want to link Bitwarden CLI to it:
    $ bw config server https://your.bw.domain.com
    

ZSH Shell Completion

Bitwarden CLI includes support for ZSH shell completion. To setup shell completion, use one of the following methods:

  1. Vanilla ZSH:

    Add the following line to your ${ZDOTDIR:-${HOME}}/.zshrc (or wherever) file:

    $ eval "$(bw completion --shell zsh); compdef _bw bw;"
    

  2. Vanilla (vendor completions):

    Run the following command:

    $ bw completion --shell zsh | sudo tee /usr/share/zsh/vendor-completions/_bw
    

  3. zinit:

    Run the following commands:

    $ bw completion --shell zsh > ~/.local/share/zsh/completions/_bw
    $ zinit creinstall ~/.local/share/zsh/completions
    


Use

Bitwarden CLI

⚠️ WIP ⚠️

  • Login:

    $ bw login your@mail.com # then enter your master password
    

    Then, don't forget to export the session key that has been printed, e.g. like so:

    $ export BW_SESSION="5PBYGU+5yt3RHcCjoeJKx/wByU34vokGRZjXpSH7Ylo8w=="
    

Tip

The first time you login you might be asked for your API key client_secret. See how to get this API key here.

  • Lock:

    The BW_SESSION environment variable is only tied to the active terminal session, so closing your terminal window is equivalent to locking your Vault. You can also destroy an active session key to lock your Vault by running:

    $ bw lock
    

  • Unlock:

    Using an API Key or SSO to log in will require you to follow-up the login command with an explicit bw unlock if you will be working with Vault data directly.

    Unlocking your Vault generates a session key which acts as a session-specific decryption key used to interact with data in your Vault. The session key must be used to perform any command that touches Vault data (e.g. list, get, edit). Generate a new session key at any time using:

    $ bw unlock
    

  • List/Search:

    $ bw list items --search "characters to search for"
    

  • Get:

    $ bw get item "characters to search for"
    

    You can get a lot more things than an item. You can also get password, username, uri, notes, totp, exposed, attachment, folder, collection, organization, org-collection, template, and fingerprint.

  • Sync:

    The sync command downloads your encrypted vault from the Bitwarden server. This command is most useful when you have changed something in your Bitwarden Vault on another client application (e.g. Web Vault, Browser Extension, Mobile App) since logging in on the CLI.

    $ bw sync
    

    You can pass the --last option ($ bw sync --last) to return only the timestamp (ISO 8601) of the last time a sync was performed.

    Tip

    It’s important to know that the sync command only performs a pull from the server. Data is automatically pushed to the server any time you make a change to your Vault (e.g. with the create, edit, delete commands).

  • Update:

    The update command checks whether Bitwarden CLI is running the most recent version. It does not automatically update the CLI for you:

    $ bw update
    

  • Status:

    The status command returns status information about the Bitwarden CLI, including configured server URL, timestamp for the last sync (ISO 8601), user email and ID, and the Vault status:

    $ bw status
    

  • Generate:

    • Generate a complex password of 16 character:

      $ bw generate --lowercase --uppercase --number --special --length 16
      

    • Generate a complex passphrase of 8 words separated with the - character:

      $ bw generate --passphrase --words 8 --separator -
      

⚠️ WIP ⚠️


If this cheat sheet has been useful to you, then please consider leaving a star here.