mcp

This MCP server exposes Bitwarden functionality to MCP-compatible AI clients. It provides two interfaces: Vault Management and CLI tools, which interacts with Bitwarden vault items, folders, attachments, and password generation via the Bitwarden CLI; and Organization Administration via the Bitwarden Public API, enabling management of collections, members, groups, policies, audit logs, and subscriptions. After configuring the server locally, you can connect an MCP client (for example Claude Desktop) and issue natural language prompts like listing vault items, retrieving credentials, generating passwords, or managing organization users and policy settings. Use within a trusted, local environment to avoid exposing sensitive data.

To use the tools, configure the client to run the MCP server locally, typically by pointing to the server's stdio interface and providing necessary environment variables. For Vault operations, supply a BW_SESSION token (and optionally BW_CLIENT_ID/ BW_CLIENT_SECRET for API features). The CLI-based vault actions include listing, getting, creating, editing, deleting, and restoring items, as well as managing folders and attachments. For organization administration, enable API credentials and supply the BW_CLIENT_ID, BW_CLIENT_SECRET, and BW_API_BASE_URL as needed. Authentication and session management must be kept secure; never share the configuration file containing tokens.

Prerequisites

• Node.js 22+ and npm
• Bitwarden CLI installed if you plan to use Vault CLI features

Option A - Run via npx (recommended for quick start)

1. Ensure Node.js and npm are installed.
2. Run the MCP server via npx: npm install -g @bitwarden/mcp-server (optional for local caching) npx -y @bitwarden/mcp-server
3. Set required environment variables when starting the server or in your MCP client configuration, e.g. BW_SESSION for vault access.

Option B - Locally build from source

1. Clone the repository.
2. Install dependencies and build: npm install npm run build
3. Reference the built file from your MCP client (Claude Desktop or other) using: { "mcpServers": { "bitwarden": { "command": "node", "args": ["path/to/your/repo/dist/index.js"], "env": { "BW_SESSION": "your-session-token-here" } } } }

Option C - Other MCP clients Connect using a compatible MCP client by providing the server’s stdio transport configuration as described in its documentation.

Prerequisites recap

• Node.js 22+ and npm
• If using API features, Bitwarden Teams/Enterprise organization access and API credentials
• BW_SESSION token for vault access, BW_CLIENT_ID and BW_CLIENT_SECRET for API access

Security: This server is intended for local use only. Never expose the MCP server to the public internet. Protect BW_SESSION and API credentials; store them securely and do not commit to version control. When using local builds, ensure the client configuration points to localhost and uses secure channels where possible. If self-hosting Bitwarden, set BW_API_BASE_URL and BW_IDENTITY_URL accordingly. Common issues include missing BW_SESSION tokens, incorrect API credentials, or firewall rules blocking local MCP client access. Regularly review logs for abnormal activity and rotate credentials periodically.