2.5k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill openclaw-bitwarden- _meta.json282 B
- SKILL.md4.3 KB
Overview
This skill sets up and operates the Bitwarden CLI (bw) for installing, unlocking, and reading or generating secrets. It manages session state by enforcing BW_SESSION usage inside a dedicated tmux session so authenticated commands persist. The skill also includes guidance for local testing with Vaultwarden and common bw commands.
How this skill works
It verifies the CLI presence and login status, then performs login and unlock flows to obtain the BW_SESSION key. All authenticated bw commands are executed inside a dedicated tmux session to persist the session key across commands. The skill provides scripts and examples for syncing, searching, reading specific fields (password, username, totp), and generating secrets.
When to use it
- When installing or validating the bw CLI (bw --version).
- When you need to log in or unlock a Bitwarden vault programmatically.
- When reading or generating secrets, usernames, or TOTP codes via bw.
- When running automation that requires a persistent BW_SESSION across commands.
- When testing integration locally using Vaultwarden (self-hosted server).
Best practices
- Always run bw commands inside a dedicated tmux session to persist BW_SESSION.
- Never paste secrets into logs, chat, or source code; use bw get password or bw get <field> to retrieve only the needed secret.
- Use bw sync after unlocking to ensure the local cache is up to date.
- Lock the vault with bw lock when finished and kill the tmux session to remove the session key.
- Prefer bw CLI options that return minimal data (e.g., bw get password) instead of full JSON when possible.
Example use cases
- Automated deployment scripts that fetch service credentials securely from Bitwarden.
- CI job that unlocks a vault inside a tmux session, reads API keys, and then locks the vault.
- Local development using Vaultwarden Docker Compose to test secret retrieval and generation.
- Generating long, complex passwords with bw generate and storing them in a script-driven workflow.
- Retrieving TOTP codes for automated login flows or one-off manual retrieval inside tmux.
FAQ
The bw CLI returns a session key that must be exported to BW_SESSION; tmux persists that environment across commands and shells so authenticated operations continue to work.
What do I do if I see 'Vault is locked'?
Re-run bw unlock inside the same tmux session to refresh BW_SESSION and then retry the command; ensure you captured the --raw session key into BW_SESSION.