Hi, could you get me started on API access to retrieve passwords.
I’m a vaultwarden and API novice.
So far I have tried:
$ curl https://vaultwarden.mydomain.tld/list/object/items
$ curl https://vaultwarden.mydomain.tld/api/object/password/{id}
…to no avail (404 and other errors)
Any basic steps would be apprecaited.
Vaultwarden does not support the public Bitwarden API.
We only support the client API which is very different.
Thanks for the info.
Is the client API documented? And would you be so kind as to give me a sample curl call to it?
It is not documented. Best way would be to use a browser and use the Developer Console (F12) and see what calls it does.
An other option would be, and that might be a better solution for you is to use the Bitwarden CLI, which has a built-in API Server.
See: Password Manager CLI | Bitwarden Help Center
Thanks - I’ll take a look at both options.
You may wish to look at the documented valut management API.
Which as mentioned can be accomplished with bw serve command using the Bitwarden CLI.
For posterity, this pulls in the whole vault
curl --request GET \
--url "https://vaultwarden-instance.com/api/sync?excludeDomains=true" \
-H "Authorization: Bearer <token>"
Decrypting here https://github.com/jcs/rubywarden/blob/master/API.md#cipher-encryption-and-decryption
Hey, sorry for reviving this old post. I am trying to automate new user invitation with the Vaultwarden API. How do you find the token to authenticate?
Hello,
let me chime in here… I installed vaultwarden server, screated separate user that will store only secrets, and dumped API key.
On the linux machine i installed bw cli, but in case i want to auth agains vaultwarden server i have to provide
so to automate abovementioned 3 steps, i have to dump client id, client secret and master pass to some file, unlock bw and receive and store BW_SESSION
Once attacker compromise machine he can simply dump / access all my secrets, correct?
One more question - how long is active BW_SESSION, or whats the expire timeout?
Is there any reason to use “serve” command to be able to pull data from vault? Whats the benefit … as i can pull it using bw cli?
Any chance how to make this more secure?
I want to store inside vaultwarden passwords to my restic repository, i dont wanna store these inside env file … bc so many repositories so it might be a mess.
Thanks!
Hi,
I am new to vaultwarden. So please correct me, if I am wrong.
If you want to fully automate a bw cli session, there is no way around storing secrets on the disk. I would never store my master password unencrypted, so I decided to write a script which requires manual authentication/unlock but automates everything else I need. It stores BW_SESSION in a bash variable.
I don’t know if there is an expiration, it will be active until you invoke lock or logout.
The serve command provides a REST api, so the benefit is not that you can do more in general, but that it provides a standardized interface.