Using a password in a shell script

I have a shell script that accesses a service using a password. What would be a better idea than copying the password from vaultwarden and pasting it in clear text in the script?

The host has docker for vaultwarden so is docker secrets a possibility?

Encrypting the password with openssl into a file and putting the decryption key in clear text in the script is an idea found by googling.

Can vaultwarden encrypted json export a single entry and can a script decrypt the json file?

1 Like

I recommend Hashicorp Vault for this use case. Scriptable, secure, OS/Free software.

1 Like

Or use the Bitwarden CLI, either the CLI itself or via the serve command.

3 Likes

I ended up using Bitwarden CLI which works flawlessly with vaultwarden. I created a new user & vault exclusively for scripting secrets to limit the attack surface.

Hashicorp Vault seems really great but the learning curve is more than I can handle.

Thanks for the tips!
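The Bitwarden CLI approach from the post above, sketched as an added example (not part of the thread and not any poster's script): the script asks `bw` for the password at run time instead of carrying it in clear text. Assumptions: the item name `backup-service`, the master-password file path, and that `bw config server` and `bw login` were already run once for the dedicated scripting user.

```shell
#!/usr/bin/env bash
# Added example: fetch one secret with the Bitwarden CLI at run time.
# Hypothetical names: item "backup-service", file /etc/scripting/bw-master.pass.
# Assumes the dedicated scripting user is already logged in (bw login).

BW_PASSFILE="${BW_PASSFILE:-/etc/scripting/bw-master.pass}"

# Succeed only if the master-password file is readable by its owner alone.
# Uses GNU stat (-c '%a' prints the octal mode).
passfile_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the password of vault item $1 on stdout. Nothing is written to disk.
# Return codes: 2 = bad password file, 3 = unlock failed, 4 = lookup failed.
fetch_secret() {
    local item="$1" session secret rc=0
    passfile_is_private "$BW_PASSFILE" || {
        echo "refusing to use $BW_PASSFILE: missing or not mode 600/400" >&2
        return 2
    }
    # --raw prints only the session key; keep it in a local variable.
    session=$(bw unlock --passwordfile "$BW_PASSFILE" --raw) || return 3
    [ -n "$session" ] || return 3
    # Pass the session through the environment of this one command so it
    # does not show up in the process list as a command-line argument.
    secret=$(BW_SESSION="$session" bw get password "$item") || rc=$?
    bw lock >/dev/null 2>&1   # lock the vault again even if the lookup failed
    [ "$rc" -eq 0 ] && [ -n "$secret" ] || return 4
    printf '%s' "$secret"
}

# Usage inside a script:
#   pass=$(fetch_secret backup-service) || exit 1
```

The master-password file is still a clear-text secret on the host, so its permissions matter; the dedicated user and vault mentioned above limit what that file can unlock.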

I just saw this tip in the current bw CLI (2026.1.0) help:

Tip: Managing and retrieving secrets for dev environments is easier with Bitwarden Secrets Manager. Learn more here.

Does anyone know anything about Bitwarden Secrets Manager?

Would it work with the vaultwarden server?

Any advantage to converting a working bw CLI script to Bitwarden Secrets Manager?