bw

The Bitwarden command-line interface (CLI) is a powerful, fully-featured tool for accessing and managing your Vault. Most features that you find in other Bitwarden client applications (Desktop, Browser Extension, etc.) are available from the CLI.^[1]

bw [EN] @ Homebrew Formula

Documentation

Bitwarden CLI [EN]

Syntax

bw SUBCOMMAND [PARAMETER ...]

Subcommands & Parameters

Global parameters

The following parameters can be used with the subcommands below:

--pretty: Format output. JSON is tabbed with two spaces.
--raw: Return raw output instead of a descriptive message.

generate [PARAMETER ...]

Generate a password/passphrase.

--ambiguous: Avoid ambiguous characters.
-c, --capitalize: Title case passphrase.
--includeNumber: Passphrase includes number.
-l, --lowercase: Include lowercase characters.
--length LENGTH: LENGTH of the password.
-n, --number: Include numeric characters.
-p, --passphrase: Generate a passphrase.
-s, --special: Include special characters.
--separator SEPERATOR: Word SEPERATOR.
--words NUMBER: NUMBER of words.
-u, --uppercase: Include uppercase characters.

get [PARAMETER ...] OBJECT ID|PATTERN: Get an OBJECT from the vault.; Valid OBJECTs are: item, username, password, uri, totp, notes, exposed, attachment, folder, collection, org-collection, organization, template, fingerprint, send

list [PARAMETER ...] OBJECT

List an array of OBJECTs from the vault.

Valid OBJECTs are: items, folders, collections, org-collections, org-members, organizations

--search PATTERN: Perform a search on the listed objects.
--trash: Filter items that are deleted and in the trash.

NOTE:

Combining search with a filter performs a logical AND operation. Combining multiple filters performs a logical OR operation.

login [PARAMETER ...] [EMAIL] [PASSWORD]: Log into a user account.

logout: Log out of the current user account.

sync [PARAMETER ...]

Pull the latest vault data from server.

-f, --force: Force a full sync.

unlock [PARAMETER ...] [PASSWORD]: Unlock the vault and return a new session key.

Examples

Connect to a self-hosted Bitwarden server

bw config server 'https://bitwarden.raysoft.loc'

Login into the Bitwarden server and save the session key in the variable BW_SESSION

export BW_SESSION="$(bw login --raw 'alex.the.lion@raysoft.loc')"

Mount a protected disk image with a password provided by Bitwarden

bw get --raw 'password' 'Disk Image' \
| hdiutil attach -stdinpass 'image.dmg.sparseimage'

Generate and print a QR code for my Wi-Fi based on a SSID and a password from Bitwarden

ssid="$(bw get --raw 'username' 'Wi-Fi Shared Password')"
passwd="$(bw get --raw 'password' 'Wi-Fi Shared Password')"

qrencode --dpi=300 --output=- --size=100 \
  "WIFI:S:${ssid};T:WPA2;P:${passwd};;" \
| lpr -P 'Brother_HL_525DN_series' -o 'media=a4' -o 'number-up=4'

unset -v ssid passwd

Logout from the Bitwarden server

NOTE:

The session key becomes invalid when you log out!

bw logout

Generate password

bw generate --ambiguous --length 25 --lowercase --minNumber 5 --minSpecial 5 \
  --number --special --uppercase

Output:

#@Zp8Jt#Zvr2s416^88h2h%qq

Generate passphrase

bw generate --passphrase --capitalize --includeNumber --separator '*' --words 4

Output:

Cohesive2*Retract*Choice*Handbrake

References

↑ Bitwarden employees. "Password Manager CLI." Bitwarden. https://bitwarden.com/help/cli/ (accessed 02.05.2024)

[{{{ref}}}-1] Bitwarden employees. "Password Manager CLI." Bitwarden. https://bitwarden.com/help/cli/ (accessed 02.05.2024)

[1]