Warden MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| BW_BIN | No | Explicit path to the Bitwarden CLI binary (bw). By default it looks for the bundled binary or system PATH. | |
| BW_HOST | No | The URL of the Bitwarden or Vaultwarden server (e.g., https://vaultwarden.example.com). | |
| BW_USER | No | The email address for Bitwarden/Vaultwarden login. | |
| READONLY | No | Set to 'true' to block all write operations (create/edit/delete/move/restore/attachments). | |
| BW_CLIENTID | No | The Bitwarden API Client ID for authentication. | |
| BW_PASSWORD | No | The master password required to unlock the vault. | |
| BW_CLIENTSECRET | No | The Bitwarden API Client Secret for authentication. | |
| KEYCHAIN_BW_HOME_ROOT | No | Root directory where Bitwarden CLI state is stored to avoid session/config clashes. | |
| KEYCHAIN_SESSION_TTL_MS | No | Session Time-To-Live in milliseconds. | 900000 |
| KEYCHAIN_MAX_HEAP_USED_MB | No | Maximum heap memory usage in MB before triggering fuse (set '0' to disable). | 1536 |
| KEYCHAIN_SESSION_MAX_COUNT | No | Maximum number of active sessions. | 32 |
| KEYCHAIN_METRICS_LOG_INTERVAL_MS | No | Interval for logging metrics in milliseconds (0 to disable). | 0 |
| KEYCHAIN_SESSION_SWEEP_INTERVAL_MS | No | Interval for sweeping expired sessions in milliseconds. | 60000 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| keychain_statusB | Returns Bitwarden CLI status (locked/unlocked, server, user). |
| keychain_encodeB | Base64-encode a string (bw encode). |
| keychain_generateC | Generate a password/passphrase (bw generate). Returning the value requires reveal=true. |
| keychain_generate_usernameC | Generate a username like the Bitwarden generator (random word, plus-addressed email, catch-all). Returning the value requires reveal=true. |
| keychain_list_foldersB | List Bitwarden folders (personal). |
| keychain_create_folderC | Create a Bitwarden folder (personal). |
| keychain_edit_folderC | Rename a Bitwarden folder (personal). |
| keychain_delete_folderC | Delete a Bitwarden folder (personal). |
| keychain_list_org_collectionsC | List organization collections. |
| keychain_create_org_collectionD | Create an organization collection. |
| keychain_edit_org_collectionC | Rename an organization collection. |
| keychain_delete_org_collectionC | Delete an organization collection. |
| keychain_move_item_to_organizationC | Move an item to an organization (optionally assigning collection ids). |
| keychain_list_organizationsB | List organizations available to the current Bitwarden user. |
| keychain_list_collectionsB | List collections (optionally filtered by organization). |
| keychain_search_itemsB | Search vault items by text and filters (org/folder/collection/url). |
| keychain_get_itemB | Get a vault item by id. |
| keychain_get_uriC | Get a login URI by search term (bw get uri). |
| keychain_get_notesC | Get item notes by search term (bw get notes). |
| keychain_get_exposedC | Check exposed status by search term (bw get exposed). |
| keychain_get_folderC | Get a folder by id (bw get folder). |
| keychain_get_collectionB | Get a collection by id (bw get collection). |
| keychain_get_organizationB | Get an organization by id (bw get organization). |
| keychain_get_org_collectionB | Get an org collection by id (bw get org-collection). |
| keychain_delete_itemA | Delete an item by id (soft-delete by default; set permanent=true to hard delete). |
| keychain_delete_itemsB | Delete multiple items by id. Returns per-id results (soft-delete by default; set permanent=true to hard delete). |
| keychain_restore_itemC | Restore an item from trash by id. |
| keychain_create_attachmentC | Attach a file (base64) to an existing item. Returns the updated (redacted) item. |
| keychain_delete_attachmentC | Delete an attachment from an item. Returns the updated (redacted) item. |
| keychain_get_attachmentB | Download an attachment from an item and return it as base64 (bw get attachment). |
| keychain_send_listA | List all the Sends owned by you (bw send list). |
| keychain_send_templateC | Get json templates for send objects (bw send template). |
| keychain_send_getA | Get Sends owned by you. Use text=true to return text content; downloadFile=true to download a file send (bw send get). |
| keychain_send_createC | Create a Bitwarden Send. For file sends, pass filename+contentBase64. (bw send). |
| keychain_send_create_encodedB | Create a Send via |
| keychain_send_editB | Edit a Send via |
| keychain_send_remove_passwordA | Remove a Send's saved password (bw send remove-password). |
| keychain_send_deleteB | Delete a Send (bw send delete). |
| keychain_receiveB | Access a Bitwarden Send from a url. Use obj=true for JSON object; downloadFile=true for file content. (bw receive) |
| keychain_get_usernameB | Get a login username by search term (bw get username). |
| keychain_get_passwordA | Get a login password by search term (bw get password). Returning a password requires reveal=true. |
| keychain_get_totpA | Get a TOTP code/seed by search term (bw get totp). Returning a TOTP requires reveal=true. |
| keychain_get_password_historyA | Get an item password history (if any). Returning passwords requires reveal=true. |
| keychain_create_loginD | Create a login item. |
| keychain_create_loginsC | Create multiple login items in a single call. |
| keychain_set_login_urisB | Set or update the URIs (and per-URI match types) for a login item. mode=replace overwrites; mode=merge updates/adds by uri. |
| keychain_create_noteC | Create a secure note item. |
| keychain_create_ssh_keyC | Create an SSH key object (stored as secure note with fields). |
| keychain_create_cardC | Create a payment card item. |
| keychain_create_identityD | Create an identity item. |
| keychain_update_itemC | Update selected fields of an item by id. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/icoretech/warden-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server