LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Getting Nerdy With Your Passwords: the Bitwarden Command Line Interface

Bitwarden is a cross-platform password manager that synchronizes between platforms (desktop, phone, tablet, etc.) and browsers.  Unlike many products, you can fully self-host Bitwarden.

You might enjoy reading our earlier piece on self-hosted Bitwarden.

Most people using Bitwarden need their passwords to fill in web sites and other online services.  But what if you want to access your passwords on the command line, perhaps because you need server access credentials?  Can do!

Installing bw

The command-line client is called ‘bw’.  To install it, you need to setup the Node Package Manager:

apt install npm

Next, install the Bitwarden cli:

npm install -g @bitwarden/cli

If You’re Self-Hosted

By default, bw will try to talk to bitwarden.com (the official Bitwarden server).  But if you’re self-hosted, you can configure it to talk to your server.

Type this command:

raindog308@client:~$ bw config server bitwarden.lowend.party
Saved setting `config`.

Now if you look in your home directory’s .config folder, you’ll see a “Bitwarden CLI” subdirectory.  In the data.json file in that directory, you’ll see that bw is configured for your server.

raindog308@client:~$ cat .config/Bitwarden\ CLI/data.json 
  "installedVersion": "1.11.0",
  "environmentUrls": {
    "base": "https://bitwarden.lowend.party",
    "api": null,
    "identity": null,
    "webVault": null,
    "icons": null,
    "notifications": null,
    "events": null,
    "enterprise": null

If you’re using the official bitwarden.com servers, this step is unnecessary.

Logging In

Let’s login to our server.

raindog308@client:~$ bw login
? Email address: raindog308@raindog308.com
? Master password: [hidden]
You are logged in!

To unlock your vault, set your session key to the `BW_SESSION` environment variable. ex:
$ export BW_SESSION="xxxXXXxxx=="

$ env:BW_SESSION="xxxXXXxxx=="

You can also pass the session key to any command with the `--session` option. ex:
$ bw list items --session xxxXXXxxx==

You can take that export statement and execute it:

$ export BW_SESSION="xxxXXXxxx=="

Now you can use various bw commands.  You can also put that command in your .bash_profile and it will be executed every time you login, but be aware of the security tradeoffs.

Using bw

Let’s see what items we have in our vault.  They’ll come across as easily parsable json:

raindog308@client:~$ bw list items --pretty
    "object": "item",
    "id": "2606ba51-8f15-42a8-a380-abe90177aa66",
    "organizationId": null,
    "folderId": null,
    "type": 1,
    "name": "lowendtalk.com",
    "notes": null,
    "favorite": false,
    "login": {
      "uris": [
          "match": null,
          "uri": "https://www.lowendtalk.com"
      "username": "raindog308",
      "password": "my-secret-LET-password",
      "totp": null,
      "passwordRevisionDate": null
    "collectionIds": [],
    "revisionDate": "2020-06-29T22:47:45.373Z"

If you only want one password:

raindog308@client:~$ bw get password lowendtalk.com

The CLI many other useful commands.  For example, you get search:

bw list items --search lowend --pretty

If you install the jq package via

apt install jq

You can then parse that easily:

bw get item lowendtalk.com | jq '.login.password'

You can generate passwords:

raindog308@client:~$ bw generate -ulns --length 25

In this example, the “-ulns” means “include upper, lower, numbers, symbols”.

The command-line docs outline many other things you can do with bw, or type bw –help for a quick overview.



No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *