Directory Connector CLI
The Directory Connector CLI is suited toward work in environments where a desktop GUI is unavailable, or if you want to programmatically script directory sync operations using tools provided by the operating system (cron job, scheduled task, etc.). The Directory Connector CLI can be used cross-platform on Windows, macOS, and Linux distributions.
Complete the following steps to get started with the Bitwarden Directory Connector CLI:
- Download the CLI from one of the following links:
.zipand move the contents (
/usr/local/binor another directory in your
$PATH. Please note,
keytar.nodemust be in the same directory as the primary
Linux Only: If not already installed, install
libsecretwith your package manager of choice:
apt-get install libsecret-1-0 brew install libsecret
Windows Only: Windows users can add
bwdc.exeto the current user’s
Verify that the
bwdccommand works in your terminal by running the following:
- Connect Directory Connector to your Directory using the
bwdc config <setting> <value>command (see command reference).
Configure Sync Options by editing your
data.jsonfile (to learn more, see Directory Connector File Storage). Use the
bwdc data-filecommand to obtain the absolute path of your
Available Sync Options depend on the directory type in use, so refer to one of the following articles for a list of options available to you:
- Run the
bwdc testcommand to check whether your configuration would sync the expected results.
- Once your Directory and Sync Options are properly configured, and
bwdc testyields the expected results, run the
bwdc synccommand to start a live sync operation.
login command to login to Directory Connector with your Bitwarden Account. You must be an Admin or Owner for your Organization to use Directory Connector (for more information, see User Types and Access Controls).
bwdc login [options] [email] [password]
--method: Use this options to specify the Two-step Login method to use.
0= Authenticator App
--code: Use this option to specify the Two-step Login code for the specified
--sso: Use this option to Login with SSO. Selecting this option will open the SSO Login Flow in your Web Browser. For more information, see Access your Vault Using SSO.
bwdc login [email protected] mystrongpassword --method 0 --code 204678
logout command to logout of the Directory Connector CLI.
The Bitwarden Directory Connector CLI is self-documented with
--help content and examples for every command. List all available commands using the global
--help option on any specific command to learn more about that command:
bwdc test --help bwdc config --help
test command queries your directory and prints a JSON formatted array of groups and users that would be synced to your Bitwarden Organization whenever you run a real sync operation.
--last option to test only the changes since the last successful sync.
bwdc test --last
sync command runs a live sync operation and pushes data to your Bitwarden Organization.
Synced users and groups will be immediately available in your Bitwarden organization. Newly added users will receive an email invite to your Organization.
last-sync command returns an ISO 8601 timestamp for the last sync operation that was performed for users or groups. You must specify either
groups as an
<object> to run the command against:
bwdc last-sync <object>
Returns an empty response if no sync has been performed for the given object.
config command allow you to specify your Directory settings:
bwdc config <setting> <value>
onelogin.secret can only be modified from the CLI using
bwdc config, or from the Desktop Application.
data-file command returns an absolute path to the
data.json configuration file used by the Directory Connector CLI:
Configuration settings can be modified for the Directory Connector CLI by editing the
data.json configuration file directly in your favorite text editor.
clear-cache command allows you to clear cached data that the application stores while performing sync operations. For more information, see Clear Sync Cache.
update command allows you to check if your Directory Connector CLI is up-to-date:
If a newer version is found, the command will return a URL to download a new version. The Directory Connector CLI will not automatically update. You will need to use this URL download the new version manually.
If you using the CLI and Desktop App together, it is important to ensure their versions match whenever in use. Running two different versions may cause unexpected issues.
Check the version of the Directory Connector CLI using the
--version global option.
If you receive an error message referring to the libsecret shared object
Error: libsecret-1.so.0: cannot open shared object file: No such file or directory, you may need to install libsecret which is required to store things securely on the host.
Was this helpful?
Rate this article:
Want to talk to a human?Send Us An Email