LinuxCommandLibrary

bw

Manage Bitwarden password vault

TLDR

Log in to a Bitwarden user account

$ bw login
copy

Log out of a Bitwarden user account
$ bw logout
copy

Search and display items from Bitwarden vault
$ bw list items --search [github]
copy

Display a particular item from Bitwarden vault
$ bw get item [github]
copy

Create a folder in Bitwarden vault
$ [echo -n '{"name":"My Folder1"}' | base64] | bw create folder
copy

SYNOPSIS

bw <command> [options]
bw <command> <subcommand> [options]

Examples:
bw login
bw unlock --raw
bw list items
bw get password "My Website"

PARAMETERS

--help
    Displays help information for the main command or a specific subcommand.

--version
    Shows the current version of the Bitwarden CLI.

--output <format>
    Specifies the output format for data (e.g., json, pretty, raw, csv).

--raw
    Suppresses additional formatting and only outputs the raw result, useful for scripting.

--response-type <type>
    Configures the response type when retrieving items, e.g., 'object' for full item details.

--email <email>
    Used with login to specify the user's email address.

--password <password>
    Used with login or unlock to provide the master password (use with caution in scripts).

--organization-id <id>
    Used with config to set the default organization context for commands.

DESCRIPTION

The bw command is the official command-line interface (CLI) for Bitwarden, a popular open-source password manager. It provides a robust text-based interface for interacting with your Bitwarden vault, allowing users to manage credentials, secure notes, credit cards, and identities directly from the terminal. This tool is particularly valuable for scripting, automation, and for users who prefer a non-graphical environment.

With bw, you can perform essential vault operations such as logging in, unlocking your vault, listing all stored items, retrieving specific usernames, passwords, or other fields, creating new entries, and syncing your local vault data with the Bitwarden cloud service or a self-hosted instance. It ensures secure access to sensitive information, making it an indispensable tool for developers, system administrators, and privacy-conscious individuals looking for efficient password management without reliance on graphical user interfaces.

CAVEATS

Using bw in scripts requires careful handling of sensitive information, particularly the master password. Storing the master password directly in a script is generally discouraged due to security risks, as it could be exposed in shell history or logs. Environment variables or interactive prompts are safer alternatives.

The CLI requires a network connection to sync with the Bitwarden server. While it supports offline use after an initial sync and unlock, some functionalities might be limited without a connection. Ensure your local session is properly locked or logged out to prevent unauthorized access.

INSTALLATION

The bw CLI can be installed in several ways, commonly via npm (Node Package Manager) with:
npm install -g @bitwarden/cli
It's also available through various package managers like Homebrew on macOS, or Snap on Linux, providing flexibility for different environments.

SESSION MANAGEMENT

After successfully logging in and unlocking your vault with bw, a session is established, and your vault remains unlocked for a configurable period. It is crucial to manage your session by using bw lock or bw logout when you are finished to secure your vault, especially in shared or public environments. This prevents unauthorized access to your stored credentials.

HISTORY

Bitwarden was initially launched in 2016 by Kyle Spearrin as a response to the need for a more secure and open-source password management solution. The development of the bw command-line interface quickly followed the core browser extension and desktop applications, recognizing the importance of automation and developer-friendly access to the vault. It has been actively maintained and improved, becoming an integral part of the Bitwarden ecosystem, offering advanced functionalities beyond the graphical interfaces, and supporting a wide range of operating systems.

SEE ALSO

pass(1), keepassxc-cli(1), vault(1), gpg(1)

Copied to clipboard