rbw-mcp by dceluis - MCP Server

rbw-mcp

Model Context Protocol (MCP) server that enables interaction with the Bitwarden password manager vault via the rbw (Rust Bitwarden) command-line interface. The server allows AI models to securely communicate with a user's Bitwarden vault through defined tool interfaces.

Prerequisites

Node.js 22
rbw (Rust Bitwarden CLI) installed and configured.

Installation

Option One: Configuration in your AI app

Open up your application configuration, e.g. for Claude Desktop:

{
  "mcpServers": {
    "rbw": {
      "command": "npx",
      "args": ["-y", "rbw-mcp"]
    }
  }
}

Option Two: Local checkout

Requires that this repository be checked out locally. Once that's done:

npm install
npm run build

Setup

Install rbw: Follow the instructions for your platform on the official rbw repository. For example, on Debian/Ubuntu:
```
sudo apt-get update
sudo apt-get install rbw
```
Configure rbw: Configure rbw to connect to your Bitwarden account.
```
rbw config
```
Unlock your vault: Before running the MCP server, you must unlock your vault. This starts the rbw-agent and allows subsequent commands to run without prompting for a password.
```
rbw unlock
```
The server will check if the vault is unlocked on startup.

Testing

Running unit tests

The project includes Jest unit tests.

# Run all tests
npm test

# Run tests in watch mode
npm run test:watch

# Run tests with coverage
npm test -- --coverage

Inspection and development

MCP Inspector

Use the MCP Inspector to test the server interactively:

# Start the inspector
npm run inspect

This will:

Start the MCP server
Launch the inspector UI in your browser
Allow you to test all available tools interactively

Available tools

The server provides the following rbw CLI tools:

Tool	Description	Required Parameters	Notes
`lock`	Lock the vault by clearing cached keys from the agent.	None	Executes `rbw lock`.
`unlock`	Unlock the vault. This will trigger an interactive prompt for your master password if needed.	None	Executes `rbw unlock`.
`sync`	Sync vault data from the Bitwarden server.	None	Executes `rbw sync`.
`status`	Check if the vault is unlocked.	None	Executes `rbw unlocked`.
`list`	Lists items from the vault. Can be filtered by a search term.	Optional: `search`, `ignoreCase`	Executes `rbw list --fields name,user,id,folder` and filters results in-memory.
`get`	Get a specific field for an item (defaults to password).	`id` (required). Optional: `field`	Executes `rbw get <id>` or `rbw get --field ...`. Use `list` to find the exact ID first.
`code`	Get a TOTP code for an item.	`id`	Executes `rbw code <id>`. Use `list` to find the exact ID first.
`generate`	Generate a secure password or passphrase. By default, generates a strong password with symbols.	Optional: `length`, `diceware`, `noSymbols`	Executes `rbw generate`.
`delete`	Delete an item from your vault.	`id`	Executes `rbw rm <id>`.
`create`	Create a new login item in your vault.	`name` (required). Optional: `username`, `password`, `notes`, `uri`	Executes `rbw add`. Uses `EDITOR='tee'` for non-interactive input.
`edit`	Edit the password and/or notes for an existing item in your vault.	`id` (required). Optional: `password`, `notes`	Executes `rbw edit`. Uses `EDITOR='tee'` for non-interactive input.

Security considerations

Use rbw-agent: It is highly recommended to use rbw with its agent to handle the master password securely.
Validate all inputs: All tool inputs are strictly validated using Zod schemas.

Troubleshooting

Common issues

"Vault is locked" error on startup
- Run rbw unlock in your terminal before starting the server.
rbw command not found
- Ensure that rbw is installed and that its location is in your system's PATH.
Tests failing
- Ensure all development dependencies are installed with npm install.

dceluis/rbw-mcp

lock

unlock

sync

status

list

get

generate

delete

create

edit