MCP.so
Sign In
M

MCP Vaultwarden Connector

@fkom13

About MCP Vaultwarden Connector

Provides a bridge for scripts and AI agents to interact with a self-hosted Vaultwarden instance.

Basic information

Category

Other

Transports

stdio

Publisher

fkom13

Submitted by

Franck Martin

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "vaultwarden": {
      "command": "npx",
      "args": [
        "mcp-vaultwarden-server"
      ],
      "env": {
        "BITWARDEN_HOST": "https://your-vaultwarden-instance.com",
        "BW_CLIENTID": "user.xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "BW_CLIENTSECRET": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "BW_MASTER_PASSWORD": "your-master-password"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is MCP Vaultwarden Connector?

MCP Vaultwarden Connector is an MCP server that exposes a simple interface to interact with a self-hosted Vaultwarden instance. It wraps the official Bitwarden CLI (bw), automatically managing sessions and unlocking the vault on demand, making it suitable for AI agents and automation scripts.

How to use MCP Vaultwarden Connector?

Install via NPM (recommended) or from source. Configure the client to launch the server with environment variables: BITWARDEN_HOST, BW_CLIENTID, BW_CLIENTSECRET, and BW_MASTER_PASSWORD. Then invoke tools like get_secret, list_secrets, create_secret, etc., through the MCP protocol.

Key features of MCP Vaultwarden Connector

  • Auto-unlock with session caching for vault access.
  • Lock mechanism prevents concurrent unlock conflicts.
  • Full CRUD operations on secrets.
  • JSON templates for creating new items.
  • Relies on official bw CLI for all cryptographic operations.

Use cases of MCP Vaultwarden Connector

  • AI agents fetching credentials from a self-hosted Vaultwarden.
  • Scripted automation for rotating secrets or provisioning access.
  • Integration with CI/CD pipelines to manage deployment secrets.
  • Non-interactive management of vault items (create, update, delete).

FAQ from MCP Vaultwarden Connector

What does MCP Vaultwarden Connector do that the raw Bitwarden CLI does not?

It automatically handles session login, unlock, and caching, so agents don't need manual bw login or bw unlock commands. It also manages concurrent access with a lock mechanism.

What are the prerequisites to run MCP Vaultwarden Connector?

The machine must have the Bitwarden CLI (bw) installed and accessible in the PATH. Node.js 18 or later is also required.

How does MCP Vaultwarden Connector handle session security?

All cryptographic operations are delegated to the official bw CLI. The master password is passed via environment variable and must be managed securely—never commit it, and use secrets managers in production.

What tools does MCP Vaultwarden Connector expose?

It provides get_secret, list_secrets, get_secret_template, create_secret, update_secret, delete_secret, and sync.

Where are vault data stored?

Data resides on the self-hosted Vaultwarden server. The MCP server synchronizes a local cache via the sync tool and the bw CLI.

Comments

More Other MCP servers