If you aren’t using a password manager, you’re not doing security right. By not employing such a tool, you’re probably using passwords you can memorize, which means they aren’t terribly secure. To fix that problem, you need to make use of a password manager that can securely store complicated passwords. Yes, requires more work on your part (you’ll have to log into the password manager, retrieve your password, and then type it out). That sacrifice of convenience is worth the added security gained by using very complicated passwords.

SEE: Password managers: How and why to use them (free PDF) (TechRepublic)

But most password managers are GUI tools. Notice I said “most.” There are a few command line password managers available, for use on a Linux, macOS, or Windows desktop or server. I want to introduce you to one such tool. Bitwarden. Their particular entry into the CLI password management system is quite different than any other. It’s open source and also in beta. I’ll be demonstrating how to use this tool on Ubuntu Linux 18.04. The installation will vary (based on your platform of choice), but the usage of the tool is the same.

Let’s install and use Bitwarden.


Before we install the tool, it is necessary to create a Bitwarden account. To do this, head over to the Bitwarden site and create a new account. The account is free and required to use the CLI tool. Once you’ve created your account, you might want to start adding entries via the web interface (trust me on this one). Next, download the necessary zip file from the Bitwarden download site. If you’re on a terminal-only Linux server, you can do that with the command:

wget https://github.com/bitwarden/cli/releases/download/v1.0.1/bw-linux-1.0.1.zip

Unpack the zip file with the command:

unzip bw-linux-1.0.1.zip

The above command will decompress a single file, named bw. Install the executable into the necessary directory with the command:

sudo install bw /usr/local/bin/


Now we’re going to use the CLI to log into our Bitwarden account. To do this, issue the command:


Where EMAIL and PASSWORD are the credentials used to create your Bitwarden account.

Once you successfully authenticate against your Bitwarden account, you will see a bit of output at the command line. The first is the means to unlock your vault by passing an export command to the shell. Copy that command and run it. If you forget to run (or lose) those commands, you can retrieve them with the command:

bw unlock

You will be prompted for your master password (the password you used when setting up the account). Once authenticated, you can then sync your account to the CLI tool with the command:

bw sync

List out all entries you have saved on your Bitwarden account with the command:

bw list items

Creating a new entry is complicated. Let’s walk through the process of creating a new folder. Let’s say we’re going to create a folder called TechRepublic. Here are the steps:

  1. Get the JSON template for the object we’re creating (in this case a folder) with the command bw get template folder. This will report {“name”:”Folder name”}. That is the information you need for creating a new folder.
  2. Get the encode key for create our new folder, issue the command echo ‘{“name”:”TechRepublic”}’ | bw encode.
  3. Copy the output of the above command (a string of random character) and paste it here bw create folder RANDOM_STRING (Where RANDOM_STRING Is the output from the above encode command).

After running the final command, you should see ouput indicating your folder was created.

To add an item, you do the same thing, only you initially issue the command bw get template item. The output of this command is considerably longer:

{"organizationId":null,"folderId":null,"type":1,"name":"Item name","notes":"Some notes about this item.","favorite":false,"fields":[],"login":null,"secureNote":null,"card":null,"identity":null}

You would then do the same thing to create the new item as you did with the folder (only you’ll have a lot more information to fill out). If you wind up with an error parsing the encoded request data issue, it means you filled out the template data incorrectly. Try and try again.

As you might expect, adding items via the Bitwarden command line is quite the endeavor. My best advice is to add items via the web interface and then retrieve them with the CLI. Otherwise, you’ll wind up spending a great deal of time trying to figure out how to add a simple login entry to your account.

Make sure, when you’re done using the Bitwarden CLI, you lock the vault with the command:

bw lock

A worthy challenge

If you want to learn more about how to use this challenging password manager, take a look at the official documentation. But, as I said, you’ll probably wind up using the CLI tool more for retrieving items, than you will for adding items. Either way, Bitwarden is certainly a worthy contender for the top spot in CLI password manager tools.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays