bw-picker
| Crates.io | bw-picker |
| lib.rs | bw-picker |
| version | 1.0.0 |
| created_at | 2025-06-16 22:03:33.548104+00 |
| updated_at | 2025-06-28 20:54:28.099344+00 |
| description | CLI tool used to fetch passwords and more from Bitwarden using their Vault API. |
| homepage | |
| repository | https://gitlab.com/martin.lofgren/bw-picker |
| max_upload_size | |
| id | 1714876 |
| size | 127,437 |
Martin Löfgren (martinlofgren)
documentation
README
bw-picker
bw-picker is a glue layer between Bitwarden and your favorite fuzzy finder tool (e.g. fzf or fuzzel). It works by fetching a list of all your logins from Bitwarden, feeding it into the fuzzy finder and fetching the details for the selected login, optionally copying the password to the OS clipboard. It was born out of frustration with having to switch to Firefox and do a whole lot of clicking whenever I needed to retrieve a password in some non web context.
Installing
bw-picker is written in Rust. bw-picker can be installed from crates.io or compiled from source using Cargo and a Rust toolchain; these tools are most easily installed and handled using rustup.
To install from crates.io:
$ cargo install bw-picker
To build from source:
$ git clone https://gitlab.com/martin.lofgren/bw-picker.git
$ cargo build --release
$ target/release/bw-picker
To install from source:
$ git clone https://gitlab.com/martin.lofgren/bw-picker.git
$ cargo install --path .
For more information on the usage of Cargo, please consult the documentation.
Usage
Prerequisites
bw-picker uses the Bitwarden Vault Management
API to retrieve the items
stored in your vault. To use the API, one needs to use the Bitwarden
CLI running as a local HTTP server using the
bw serve command. This is not handled
by bw-picker in any way currently; you must manually run the server and
authenticate towards it for bw-picker to function. In general, this means
running bw config (with options, see the
documentation) and bw login to set
things up, and then start the server with the bw serve command. To make this a
bit more ergonomic, one can use the Systemd unit file located in the systemd/
directory to automate this (if you're on a system using Systemd that is;
remember to adapt the path to the bw executable in the unit file).
Command line usage
bw-picker uses subcommands for the different functions provided. In addition, command line options are used for setting different properties. The following options are available regardless of which subcommand is used:
| Option | Default value | Description |
|---|---|---|
--bw-host <BW_HOST> |
localhost | Bitwarden CLI server host |
--bw-port <BW_PORT> |
8087 | Bitwardne CLI server port |
unlock
Before accessing the vault using the API, one needs to unlock it. This can be
done using the unlock subcommand, or by sending a request to the server
manually, e.g. using curl:
$ curl \
--data "{\"password\": \"$BITWARDEN_PASSWORD\"}" \
--header "Content-Type: application/json" \
http://localhost:8087/unlock
The unlock subcommand has no options, the password is read interactively from
the command line.
lock
To protect the vault, it should be locked when not in use. This can be done
using the lock subcommand, or by sending a request to the server manually,
e.g. using curl:
$ curl -X POST http://localhost:8087/lock
The lock subcommand has no options.
fetch
When the Bitwarden CLI HTTP server is running and the vault is unlocked, you're
ready to use bw-picker for fetching login information. This is done using the
fetch subcommand.
| Option | Default value | Description |
|---|---|---|
--command <COMMAND> |
fzf | Picker application command |
--copy-command <COPY_COMMAND> |
wl-copy | Clipboard copy command |
--what-to-pick <WHAT_TO_PICK> |
password | What to pick; possible values are [password, username, totp] |
help
Show help for the application or the available subcommands.
Contributing
If you find a bug or have a feature request, feel free to open an issue. If you have a solution to the bug, or an implementation of the feature, feel even more free to open a merge request.
Licensing
This project is licensed under GPLv3. See COPYING.