bitwarden-secrets
// Safely access Bitwarden or Vaultwarden secrets via the bw CLI with redacted outputs by default. Use for vault sync, item search, metadata retrieval, and (only with explicit confirmation) revealing a single secret field.
updated:March 4, 2026
SKILL.md Frontmatter
name: bitwarden-secrets
description: Safely access Bitwarden or Vaultwarden secrets via the bw CLI with redacted outputs by default. Use for vault sync, item search, metadata retrieval, and (only with explicit confirmation) revealing a single secret field.
Bitwarden Secrets (safe-by-default)
Use this skill to interact with Bitwarden/Vaultwarden through bw while minimizing accidental secret leakage.
Prerequisites
- bw CLI installed.
- Server configured (bw config server <url>).
- Logged in (bw login --apikey) and unlocked (bw unlock) so BW_SESSION is available.
Commands
cd skills/bitwarden-secrets
python3 scripts/vw_cli.py status
python3 scripts/vw_cli.py sync
python3 scripts/vw_cli.py search --query google
python3 scripts/vw_cli.py get --id <item_id>
Bootstrap helper (optional)
Load runtime vars + refresh session + sync in one step:
source scripts/vw_bootstrap.sh
# or after shell reload:
vw-openclaw-ready
Reveal (explicit only)
By default, do not reveal secret values in chat. Use reveal only with explicit user consent and a temporary policy override:
export VW_REVEAL_ALLOW=1
python3 scripts/vw_cli.py reveal --id <item_id> --field password --confirm YES_REVEAL
unset VW_REVEAL_ALLOW
Safety policy
- Default outputs are redacted/metadata-only.
- No bulk secret dumps.
- Prefer IDs + labels and retrieve only the minimum needed field.
- Reveal requires BOTH VW_REVEAL_ALLOW=1 and --confirm YES_REVEAL.
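A sketch of how the redacted-by-default output and the two-gate reveal rule above can be enforced, as an added example and not the code of scripts/vw_cli.py. The item is a constructed sample shaped like bw get item JSON; redact_item, reveal_field and the REVEALABLE allow-list are hypothetical names.

```python
import os

# Constructed sample shaped like `bw get item` JSON output (all values are fake).
SAMPLE_ITEM = {
    "id": "00000000-0000-0000-0000-000000000001",
    "name": "Example mail account",
    "type": 1,
    "notes": "recovery codes: 1111 2222",
    "login": {
        "username": "alice@example.com",
        "password": "constructed-password",
        "totp": "constructed-totp-seed",
        "uris": [{"uri": "https://mail.example.com"}],
    },
    "fields": [{"name": "api_key", "value": "constructed-key", "type": 1}],
}

REVEALABLE = {"password", "totp"}  # hypothetical allow-list: one login field per call

def redact_item(item):
    """Return metadata only: IDs, labels, and which secrets exist, never their values."""
    login = item.get("login") or {}
    return {
        "id": item.get("id"),
        "name": item.get("name"),
        "username": login.get("username"),
        "uris": [u.get("uri") for u in login.get("uris") or []],
        "has_password": bool(login.get("password")),
        "has_totp": bool(login.get("totp")),
        "has_notes": bool(item.get("notes")),
        "custom_fields": [f.get("name") for f in item.get("fields") or []],
    }

def reveal_field(item, field, confirm, env=None):
    """Return exactly one login field, and only if both policy gates are satisfied."""
    env = os.environ if env is None else env
    if env.get("VW_REVEAL_ALLOW") != "1":       # gate 1: operator-set environment flag
        raise PermissionError("VW_REVEAL_ALLOW=1 is not set")
    if confirm != "YES_REVEAL":                 # gate 2: explicit per-call confirmation
        raise PermissionError("--confirm YES_REVEAL was not given")
    if field not in REVEALABLE:                 # no notes, no custom fields, no bulk dump
        raise ValueError(f"field {field!r} is not revealable")
    value = (item.get("login") or {}).get(field)
    if value is None:
        raise KeyError(field)
    return value
```

Either gate failing raises before the secret is read, so a missing flag or a mistyped confirmation never returns a value.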