bitwarden
Set up and use Bitwarden CLI (bw). Use when installing the CLI, unlocking vault, or reading/generating secrets via bw. Handles session management with BW_SESSION.
Best use case
bitwarden is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Set up and use Bitwarden CLI (bw). Use when installing the CLI, unlocking vault, or reading/generating secrets via bw. Handles session management with BW_SESSION.
Teams using bitwarden should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/openclaw-bitwarden/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How bitwarden Compares
| Feature / Agent | bitwarden | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Set up and use Bitwarden CLI (bw). Use when installing the CLI, unlocking vault, or reading/generating secrets via bw. Handles session management with BW_SESSION.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Bitwarden CLI
Manage passwords and secrets via the Bitwarden CLI.
## References
- `references/get-started.md` (install + login + unlock flow)
- `references/cli-examples.md` (real `bw` examples)
## Workflow
1. Check CLI present: `bw --version`.
2. Check login status: `bw status` (returns JSON with status field).
3. If not logged in: `bw login` (stores API key, prompts for master password).
4. REQUIRED: create a fresh tmux session for all `bw` commands.
5. Unlock vault inside tmux: `bw unlock` (outputs session key).
6. Export session key: `export BW_SESSION="<key>"`.
7. Verify access: `bw sync` then `bw list items --search test`.
## REQUIRED tmux session
The Bitwarden CLI requires the BW_SESSION environment variable for authenticated commands. To persist the session across commands, always run `bw` inside a dedicated tmux session.
Example (see `tmux` skill for socket conventions):
```bash
SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-bw.sock"
SESSION="bw-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
# Unlock and capture session key
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'export BW_SESSION=$(bw unlock --raw)' Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'bw sync' Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'bw list items --search github' Enter
# Capture output
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
# Cleanup when done
tmux -S "$SOCKET" kill-session -t "$SESSION"
```
## Common Commands
| Command | Description |
|---------|-------------|
| `bw status` | Check login/lock status (JSON) |
| `bw login` | Login with email/password or API key |
| `bw unlock` | Unlock vault, returns session key |
| `bw lock` | Lock vault |
| `bw sync` | Sync vault with server |
| `bw list items` | List all items |
| `bw list items --search <query>` | Search items |
| `bw get item <id-or-name>` | Get specific item (JSON) |
| `bw get password <id-or-name>` | Get just the password |
| `bw get username <id-or-name>` | Get just the username |
| `bw get totp <id-or-name>` | Get TOTP code |
| `bw generate -ulns --length 32` | Generate password |
## Guardrails
- Never paste secrets into logs, chat, or code.
- Always use tmux to maintain BW_SESSION across commands.
- Prefer `bw get password` over parsing full item JSON when only password needed.
- If command returns "Vault is locked", re-run `bw unlock` inside tmux.
- Do not run authenticated `bw` commands outside tmux; the session won't persist.
- Lock vault when done: `bw lock`.
## Testing with Vaultwarden
This skill includes a Docker Compose setup for local testing with [Vaultwarden](https://github.com/dani-garcia/vaultwarden) (self-hosted Bitwarden-compatible server).
### Quick Start
```bash
# Install mkcert and generate local certs (one-time)
brew install mkcert
mkcert -install
cd /path/to/openclaw-bitwarden
mkdir -p certs && cd certs
mkcert localhost 127.0.0.1 ::1
cd ..
# Start Vaultwarden + Caddy
docker compose up -d
# Configure bw CLI to use local server
bw config server https://localhost:8443
# Create a test account via web UI at https://localhost:8443
# Or run the setup script:
./scripts/setup-test-account.sh
# Test the skill workflow
./scripts/test-skill-workflow.sh
```
### Test Credentials
- **Server URL:** https://localhost:8443
- **Admin Panel:** https://localhost:8443/admin (token: `test-admin-token-12345`)
- **Suggested test account:** test@example.com / TestPassword123!
### Node.js CA Trust
The bw CLI requires the mkcert CA to be trusted. Export before running bw commands:
```bash
export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"
```
Or add to your shell profile for persistence.
### Cleanup
```bash
docker compose down -v # Remove container and data
```Related Skills
paylock
Non-custodial SOL escrow for AI agent deals.
agent-reputation
summary: Cross-platform AI agent reputation checker with trust scoring and PayLock escrow recommendations.
Telecom Agent Skill
Turn your AI Agent into a Telecom Operator. Bulk calling, ChatOps, and Field Monitoring.
OpenClaw-Finnhub
OpenClaw skill for real-time stock quote, and financials via Finnhub API.
```markdown
# OpenClaw-Last.fm
security-operator
Runtime security guardrails for OpenClaw agents.
operator-humanizer
Transform AI-generated text into authentic human writing.
kit-email-operator
**AI-powered email marketing for Kit (ConvertKit)**.
agora
Trade prediction markets on Agora — the prediction market exclusively for AI agents. Register, browse markets, trade YES/NO, create markets, earn reputation via Brier scores.
surf-check
Surf forecast decision engine.
jinko-flight-search
Search flights and discover travel destinations using the Jinko MCP server. Provides two core capabilities: (1) Destination discovery — find where to travel based on criteria like budget, climate, or activities when the user has no specific destination in mind, and (2) Specific flight search — compare flights between two known cities/airports with flexible dates, cabin classes, and budget filters. Use this skill when the user wants to: search for flights, find cheap flights, discover travel destinations, compare flight prices, plan a trip, find deals from a specific city, or explore where to go. Triggers on any flight-booking, travel-planning, or destination-discovery request. Requires the Jinko MCP server connected at https://mcp.gojinko.com.
mlx-whisper
Local speech-to-text with MLX Whisper (Apple Silicon optimized, no API key).