Blog

It's minimal, but I'm posting things.

Interacting with Bitwarden in your terminal

What is Bitwarden

Bitwarden is a reputable and open-source password manager.
You save encrypted credentials in a Vault.
You can decrypt and access your Vault with a master password.

Bitwarden CLI is not very ergonomic

The Bitwarden tool for interacting with the CLI is pretty bare bones.

Bitwarden sells a solution to make interacting with their vault more convenient, but we don't need to use that for our purposes.

Using the Bitwarden CLI, here is what you'd be expected to do to obtain an entrie's password.

If you want to copy a password you must do the following:

bw password get [search_term]

However, if more than one result is returned, you must specify the item's id, which you can obtain by doing the following:

bw list items --search [search_term]

This returns a JSON string which contains a list of entries. Within each entry there is the item id.
To extract this id, you can use a tool such as jq which helps interacting with json strings in the CLI.
Once you have the id of the vault entry for which you need a password you can query it:

bw get password $id

I cannot imagine myself doing all of this manuallyl; there is a better way.

Bitwarden in the CLI, a better way.

We will define a function you can place in your .zshrc file (it probably works with .bashrc as well) which will automatically:

  1. Prompt you for a search_term input.
  2. Show you a selection dialog if multiple results are found.
  3. Retrieve and extract the password for the item you've selected.
  4. Put the extracted password into your clipboard, you can then simply paste it in.

Requirements

# xClip, FZF, and Bitwarden CLI
sudo apt install xclip fzf bw jq

Script

function bw-get-password() {
  searchTerm=$1
  if [ -z "$searchTerm" ]; then echo "ValueError: SearchTerm is empty." && return 2; fi

  json_url_ids=$(bw --nointeraction --cleanexit list items --search "$searchTerm" | jq '.[] | {uri: .login.uris[].uri, id: .id}')
  if [ -z "$json_url_ids" ]; then
    echo "No matching vault entries for '$searchTerm'"
    return 1
  fi

  selected_uri=$(echo $json_url_ids | jq --raw-output '.uri' | fzf --sync)

  selected_id=$(echo "$json_url_ids" | jq -r --arg uri "$selected_uri" '. | select(.uri == $uri) | .id')

  bw --nointeraction --cleanexit get password $selected_id | xclip -selection c
  echo "Successfully copied password for '$selected_uri'"
}

Going further in Zsh

You'll probably want to bind the above function to a keybind.
For me, I use zsh.
I bind the shortcut to LEFT_ALT + l.

function bitwarden-get-password() {
  zle -I
  read "searchTerm?Bitwarden Service search term: " < /dev/tty
  bw-get-password $searchTerm
}
zle -N bitwarden-get-password
bindkey "^[l" bitwarden-get-password

Improvement suggestions

  • Maintaining the bitwarden session alive securely, reducing the number of times you need to enter the master password.
  • Reducing the delay, as bitwarden takes a couple seconds to fetch data.
Published on 2025-03-03T13:05:31.377588Z
Last updated on 2025-03-03T13:05:31.377588Z