Skip to main content
Bitwarden integration is available on the enterprise plan. Contact sales@skyvern.com for access.
Skyvern can integrate with your Bitwarden account. Skyvern reads credentials on the fly to complete tasks while keeping your credentials secure. Skyvern never stores your Bitwarden credentials or sends them to LLMs.

How it works

Works with hosted Bitwarden and the self-hosted Vaultwarden fork. Supports passwords, credit cards, and identity data (SSN, address, phone numbers).
Make sure your Bitwarden account is on bitwarden.com, not bitwarden.eu. The EU instance uses a different API that Skyvern does not currently support.

Cloud setup

1

Create a Bitwarden Organization

Log into Bitwarden, navigate to Admin Console, and ensure you have an organization created.
2

Create a collection to share with Skyvern

In your organization, click New → Create a collection. Name it something identifiable (e.g., “Skyvern Credentials”). Skip this step if you already have a collection ready.
3

Configure access with the Skyvern team

Go to the Access tab on your collection. This step requires coordination with the Skyvern enterprise team, who will configure access on their end. Contact sales@skyvern.com to get started.
4

Grab your Collection ID

Click into the collection and find the collection UUID in the URL bar.
5

Add to a workflow

In the Skyvern workflow editor, click Parameters → Add Parameter → Credential Parameter and select the Bitwarden tab. Enter your Collection ID and optionally an Item ID to target a specific vault item.

Configuration options

FieldDescription
Collection IDThe UUID of your Bitwarden collection (found in the URL when viewing the collection)
Item IDTarget a specific vault item. Leave blank to use URL matching instead.
URL Parameter KeyMatch credentials by the target URL. Useful when the same workflow runs against different sites.

Identity data

For identity fields (SSN, address, phone numbers), specify an Identity Key and a comma-separated list of Identity Fields (e.g., ssn, address, phone) in the Credential Parameter configuration panel.

Self-hosted Bitwarden (Vaultwarden)

Skyvern integrates with self-hosted Bitwarden-compatible services like Vaultwarden using the Bitwarden CLI server as a bridge: 
Skyvern → bw serve (CLI Server) → Vaultwarden

Environment variables

# Skyvern Bitwarden Configuration
SKYVERN_AUTH_BITWARDEN_ORGANIZATION_ID=your-org-id-here
SKYVERN_AUTH_BITWARDEN_MASTER_PASSWORD=your-master-password-here
SKYVERN_AUTH_BITWARDEN_CLIENT_ID=user.your-client-id-here
SKYVERN_AUTH_BITWARDEN_CLIENT_SECRET=your-client-secret-here

# Vaultwarden Configuration
BW_HOST=https://your-vaultwarden-server.com
BW_CLIENTID=${SKYVERN_AUTH_BITWARDEN_CLIENT_ID}
BW_CLIENTSECRET=${SKYVERN_AUTH_BITWARDEN_CLIENT_SECRET}
BW_PASSWORD=${SKYVERN_AUTH_BITWARDEN_MASTER_PASSWORD}

# CLI Server Configuration
BITWARDEN_SERVER=http://localhost
BITWARDEN_SERVER_PORT=8002

Starting the CLI server

Start the CLI server with Docker Compose: 
docker-compose up -d bitwarden-cli
Verify it’s running: 
curl http://localhost:8002/status

How It Works

  1. vaultwarden - Your existing password manager server
  2. bitwarden-cli container - Runs bw serve to provide REST API endpoints
  3. Skyvern - Uses the CLI server’s REST API to access credentials

Available API Endpoints

The CLI server provides these endpoints on port 8002:
  • GET /status - Server status
  • POST /unlock - Unlock vault
  • GET /list/object/items - List all items
  • GET /object/item/{id} - Get specific item
  • POST /object/item - Create new item
  • GET /object/template/item - Get item template

Troubleshooting

CLI Server Won’t Start

Check the container logs: 
docker-compose logs bitwarden-cli
Common issues:
  • Invalid API credentials
  • Wrong vaultwarden server URL
  • Network connectivity issues
  • Incorrect master password

Skyvern Can’t Connect

  1. Verify CLI server is running: curl http://localhost:8002/status
  2. Check that BITWARDEN_SERVER=http://localhost and BITWARDEN_SERVER_PORT=8002
  3. Ensure proper organization ID and credentials are set

Security Notes

  • The CLI container runs as a non-root user
  • Only binds to localhost by default for security
  • Vault remains encrypted until explicitly unlocked
  • Uses API key authentication with vaultwarden

Credentials Overview

Built-in credential storage, security model, and quick start

Password Credentials

Store login details with optional 2FA

Custom Providers

Connect other credential vaults like 1Password or Azure Key Vault

Build docs developers (and LLMs) love

Get started for freeTalk to us