74
/ 100
1 month ago
glama

Warden MCP Server

MCP server for Vaultwarden/Bitwarden vault management. Enables AI agents to securely create, search, read, and update vault items via the official Bitwarden CLI, with safe-by-default redaction and support for both stdio and SSE transports.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
1 tools verified — handlers match their declared behaviour
1 read-only tool verified — handlers contain no write/delete/exec
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 1 credential: BW_PASSWORD
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configBW_BINif you set it explicitly
configBW_CLIENTIDuser.xxxxx \
configBW_CLIENTSECRETThe examples below use Bitwarden API-key auth. If you prefer username/password login, replace BW_CLIENTID + with BW_USER.
configBW_HOSTenv =https://vaultwarden.example.com \
🔐 secretBW_PASSWORD'your-master-password' \
configBW_UNLOCK_INTERVAL
configBW_USERuser@example.com \
configBW_USERNAME
configKEYCHAIN_ALLOW_ENV_FALLBACKBW_ configuration when =true. You can use
configKEYCHAIN_BW_HOME_ROOT
configKEYCHAIN_DEBUG_BW
configKEYCHAIN_DEBUG_HTTP
configKEYCHAIN_FLOOD_BASE_URL
configKEYCHAIN_FLOOD_CONCURRENCY
configKEYCHAIN_FLOOD_DEBUG
configKEYCHAIN_FLOOD_REQUESTS
configKEYCHAIN_FLOOD_TIMEOUT_MS
configKEYCHAIN_INTEGRATION_PROFILE
configKEYCHAIN_MAX_HEAP_USED_MB(default 1536, set 0 to disable memory fuse)
configKEYCHAIN_METRICS_LOG_INTERVAL_MS(default 0, disabled)
configKEYCHAIN_METRICS_URL
configKEYCHAIN_REQUIRE_ORG_TESTS
configKEYCHAIN_SESSION_MAX_COUNT(default 32)
configKEYCHAIN_SESSION_SWEEP_INTERVAL_MS(default 60000)
configKEYCHAIN_SESSION_TTL_MS(default 900000)
configKEYCHAIN_SYNC_ON_WRITE
configKEYCHAIN_TEXT_COMPAT_MODEIf =structured_json is enabled, supported success and
configMCP_APP_NAME
configPORT
configREADONLYSet =true to hide mutating tools from the advertised MCP catalog and reject direct write calls (create/edit/delete/move/restore/attachments).
configTOOL_PREFIXTool names default to keychain_. Override to change the namespace and TOOL_SEPARATOR to change the separator (default _, set . for legacy clients).
configTOOL_SEPARATORTool names default to keychain_. Override TOOL_PREFIX to change the namespace and to change the separator (default _, set . for legacy clients).
configVW_APIKEY_ENV_FILE
configVW_BOOTSTRAP_TIMEOUT_MS
configVW_NAME
configVW_ORG_NAME
configWARDEN_MCP_STDIO
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/icoretech-warden-mcp-1fj4o9)](https://m8ven.ai/mcp/icoretech-warden-mcp-1fj4o9)
commit: 41d49b1027d71c398b3880c7c4bc1f63e272ac11
code hash: 657fc5f21ccd90ad048d75883f65a599cad3ca653e8d01306157f59b7c350e59
verified: 6/16/2026, 12:05:30 PM
view raw JSON →