From dd2ff5d1b605a07b50d39cbb8dbbed662fcf9f79 Mon Sep 17 00:00:00 2001 From: alvis Date: Sun, 8 Mar 2026 13:13:12 +0000 Subject: [PATCH] Add Vaultwarden CLI setup and Claude token integration notes --- Vaultwarden.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/Vaultwarden.md b/Vaultwarden.md index da2e12c..61c99b9 100644 --- a/Vaultwarden.md +++ b/Vaultwarden.md @@ -31,7 +31,39 @@ services: - 127.0.0.1:8041:80 ``` +## CLI Setup + +Bitwarden CLI (`bw`) is installed at `/home/alvis/bin/bw` (on PATH). + +Server is configured to `https://localhost:8042` (Caddy local HTTPS — avoids hairpin NAT issue with public IP). + +```bash +# Configure server (one-time) +NODE_TLS_REJECT_UNAUTHORIZED=0 bw config server https://localhost:8042 + +# Login (one-time) +NODE_TLS_REJECT_UNAUTHORIZED=0 bw login adolf46@proton.me + +# Unlock and get session +SESSION=$(NODE_TLS_REJECT_UNAUTHORIZED=0 bw unlock '' 2>/dev/null \ + | grep -o 'BW_SESSION="[^"]*"' | cut -d'"' -f2) + +# Fetch a stored token +NODE_TLS_REJECT_UNAUTHORIZED=0 bw get item --session "$SESSION" 2>/dev/null \ + | python3 -c "import sys,json; notes=json.load(sys.stdin)['notes']; \ + print(next(v for k,v in (l.split('=',1) for l in notes.splitlines()) if k=='KEY_NAME'))" +``` + +## Agap Claude Tokens + +All Agap API tokens are stored in the **AI collection** as a secure note named **"Agap Claude Tokens"** (item ID: `dc65c697-7c9e-42d1-ac60-bd2900737a28`). + +Stored keys: `GITEA_TOKEN`, `ZABBIX_TOKEN`, `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID`, `HA_TOKEN` + +Claude fetches these on demand using `BW_PASSWORD` from its environment. + ## Notes - `ADMIN_TOKEN` is an argon2id hash — generate with `vaultwarden hash` or use the web tool -- Caddy handles TLS: `vw.alogins.net { reverse_proxy localhost:8041 }` +- Caddy handles TLS at `https://localhost:8042` (local) and `https://vw.alogins.net` (public) +- `NODE_TLS_REJECT_UNAUTHORIZED=0` required because localhost uses a self-signed cert