How to integrate Bitwarden MCP with LangChain

This guide walks you through connecting Bitwarden to LangChain using the Composio tool router. By the end, you'll have a working Bitwarden agent that can retrieve login details for salesforce account, list all shared vault items this week, generate a new secure password for dropbox through natural language commands. This guide will help you understand how to give your LangChain agent real control over a Bitwarden account through Composio's Bitwarden MCP server. Before we dive in, let's take a quick look at the key ideas and tools involved.

Get started for freeGet a demo
Bitwarden logoBitwarden
S2s Oauth2

Bitwarden is a secure password manager for storing and sharing credentials. It keeps your passwords and sensitive data encrypted and easily accessible across devices.

9 Tools

Introduction

This guide walks you through connecting Bitwarden to LangChain using the Composio tool router. By the end, you'll have a working Bitwarden agent that can retrieve login details for salesforce account, list all shared vault items this week, generate a new secure password for dropbox through natural language commands.

This guide will help you understand how to give your LangChain agent real control over a Bitwarden account through Composio's Bitwarden MCP server.

Before we dive in, let's take a quick look at the key ideas and tools involved.

Also integrate Bitwarden with

OpenAI Agents SDKClaude Agent SDKClaude CodeClaude CoworkCodexOpenClawHermesCLIGoogle ADKVercel AI SDKMastra AILlamaIndexCrewAI

TL;DR

Here's what you'll learn:
  • Get and set up your OpenAI and Composio API keys
  • Connect your Bitwarden project to Composio
  • Create a Tool Router MCP session for Bitwarden
  • Initialize an MCP client and retrieve Bitwarden tools
  • Build a LangChain agent that can interact with Bitwarden
  • Set up an interactive chat interface for testing

What is LangChain?

LangChain is a framework for developing applications powered by language models. It provides tools and abstractions for building agents that can reason, use tools, and maintain conversation context.

Key features include:

  • Agent Framework: Build agents that can use tools and make decisions
  • MCP Integration: Connect to external services through Model Context Protocol adapters
  • Memory Management: Maintain conversation history across interactions
  • Multi-Provider Support: Works with OpenAI, Anthropic, and other LLM providers

What is the Bitwarden MCP server, and what's possible with it?

The Bitwarden MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Bitwarden account. It provides structured and secure access to your encrypted vault, so your agent can perform actions like retrieving credentials, managing vault items, updating passwords, generating new secure passwords, and organizing your vault for you.

  • Secure credential retrieval: Instantly fetch login details, secure notes, or card information from your Bitwarden vault whenever your agent needs to access or autofill credentials.
  • Password management and updates: Direct your agent to update existing passwords, change login details, or rotate credentials for improved security.
  • Vault item creation and organization: Have your agent create new items—like logins, notes, or identities—and organize them into folders or collections for easy access and sharing.
  • Password generation and security checks: Use the agent to generate strong, unique passwords and even check for reused or weak credentials across your vault.
  • Automated sharing and access management: Let your agent securely share selected credentials with trusted users or teams, while maintaining detailed access controls.

What is the Composio tool router, and how does it fit here?

What is Composio SDK?

Composio's Composio SDK helps agents find the right tools for a task at runtime. You can plug in multiple toolkits (like Gmail, HubSpot, and GitHub), and the agent will identify the relevant app and action to complete multi-step workflows. This can reduce token usage and improve the reliability of tool calls. Read more here: Getting started with Composio SDK

The tool router generates a secure MCP URL that your agents can access to perform actions.

How the Composio SDK works

The Composio SDK follows a three-phase workflow:

  1. Discovery: Searches for tools matching your task and returns relevant toolkits with their details.
  2. Authentication: Checks for active connections. If missing, creates an auth config and returns a connection URL via Auth Link.
  3. Execution: Executes the action using the authenticated connection.

Step-by-step Guide

Step by step10 STEPS
1

Prerequisites

Before starting this tutorial, make sure you have:
  • Python 3.10 or higher installed on your system
  • A Composio account with an API key
  • An OpenAI API key
  • Basic familiarity with Python and async programming
2

Getting API Keys for OpenAI and Composio

OpenAI API Key
  • Go to the OpenAI dashboard and create an API key. You'll need credits to use the models, or you can connect to another model provider.
  • Keep the API key safe.
Composio API Key
  • Log in to the Composio dashboard.
  • Navigate to your API settings and generate a new API key.
  • Store this key securely as you'll need it for authentication.
3

Install dependencies

npm install @composio/langchain @langchain/core @langchain/openai @langchain/mcp-adapters dotenv

Install the required packages for LangChain with MCP support.

What's happening:

  • @composio/langchain provides Composio integration for LangChain
  • @langchain/mcp-adapters enables MCP client connections
  • @langchain/core is the core agent framework
  • dotenv/config loads environment variables
4

Set up environment variables

bash
COMPOSIO_API_KEY=your_composio_api_key_here
COMPOSIO_USER_ID=your_composio_user_id_here
OPENAI_API_KEY=your_openai_api_key_here

Create a .env file in your project root.

What's happening:

  • COMPOSIO_API_KEY authenticates your requests to Composio's API
  • COMPOSIO_USER_ID identifies the user for session management
  • OPENAI_API_KEY enables access to OpenAI's language models
5

Import dependencies

import { Composio } from '@composio/core';
import { LangchainProvider } from '@composio/langchain';
import { MultiServerMCPClient } from "@langchain/mcp-adapters";
import { createAgent } from "langchain";
import * as readline from 'readline';
import 'dotenv/config';

dotenv.config();
What's happening:
  • We're importing LangChain's MCP adapter and Composio SDK
  • The dotenv/config import loads environment variables from your .env file
  • This setup prepares the foundation for connecting LangChain with Bitwarden functionality through MCP
6

Initialize Composio client

const composioApiKey = process.env.COMPOSIO_API_KEY;
const userId = process.env.COMPOSIO_USER_ID;

if (!composioApiKey) throw new Error('COMPOSIO_API_KEY is not set');
if (!userId) throw new Error('COMPOSIO_USER_ID is not set');

async function main() {
    const composio = new Composio({
        apiKey: composioApiKey as string,
        provider: new LangchainProvider()
    });
What's happening:
  • We're loading the COMPOSIO_API_KEY from environment variables and validating it exists
  • Creating a Composio instance that will manage our connection to Bitwarden tools
  • Validating that COMPOSIO_USER_ID is also set before proceeding
7

Create a Tool Router session

const session = await composio.create(
    userId as string,
    {
        toolkits: ['bitwarden']
    }
);

const url = session.mcp.url;
What's happening:
  • We're creating a Tool Router session that gives your agent access to Bitwarden tools
  • The create method takes the user ID and specifies which toolkits should be available
  • The returned session.mcp.url is the MCP server URL that your agent will use
  • This approach allows the agent to dynamically load and use Bitwarden tools as needed
8

Configure the agent with the MCP URL

const client = new MultiServerMCPClient({
    "bitwarden-agent": {
        transport: "http",
        url: url,
        headers: {
            "x-api-key": process.env.COMPOSIO_API_KEY
        }
    }
});

const tools = await client.getTools();

const agent = createAgent({ model: "gpt-5", tools });
What's happening:
  • We're creating a MultiServerMCPClient that connects to our Bitwarden MCP server via HTTP
  • The client is configured with a name and the URL from our Tool Router session
  • getTools() retrieves all available Bitwarden tools that the agent can use
  • We're creating a LangChain agent using the GPT-5 model
9

Set up interactive chat interface

let conversationHistory: any[] = [];

console.log("Chat started! Type 'exit' or 'quit' to end the conversation.\n");
console.log("Ask any Bitwarden related question or task to the agent.\n");

const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
    prompt: 'You: '
});

rl.prompt();

rl.on('line', async (userInput: string) => {
    const trimmedInput = userInput.trim();

    if (['exit', 'quit', 'bye'].includes(trimmedInput.toLowerCase())) {
        console.log("\nGoodbye!");
        rl.close();
        process.exit(0);
    }

    if (!trimmedInput) {
        rl.prompt();
        return;
    }

    conversationHistory.push({ role: "user", content: trimmedInput });
    console.log("\nAgent is thinking...\n");

    const response = await agent.invoke({ messages: conversationHistory });
    conversationHistory = response.messages;

    const finalResponse = response.messages[response.messages.length - 1]?.content;
    console.log(`Agent: ${finalResponse}\n`);
        
        rl.prompt();
    });

    rl.on('close', () => {
        console.log('\n👋 Session ended.');
        process.exit(0);
    });
What's happening:
  • We initialize an empty conversationHistory list to maintain context across interactions
  • A readline interface is used to continuously accept user input from the command line
  • When a user types a message, it's added to the conversation history and sent to the agent
  • The agent processes the request using the invoke() method with the full conversation history
  • Users can type 'exit', 'quit', or 'bye' to end the chat session gracefully
10

Run the application

main().catch((err) => {
    console.error('Fatal error:', err);
    process.exit(1);
});
What's happening:
  • We call the main() function to start the application

Complete Code

Here's the complete code to get you started with Bitwarden and LangChain:

import { Composio } from '@composio/core';
import { LangchainProvider } from '@composio/langchain';
import { MultiServerMCPClient } from "@langchain/mcp-adapters";  
import { createAgent } from "langchain";
import * as readline from 'readline';
import 'dotenv/config';

const composioApiKey = process.env.COMPOSIO_API_KEY;
const userId = process.env.COMPOSIO_USER_ID;

if (!composioApiKey) throw new Error('COMPOSIO_API_KEY is not set');
if (!userId) throw new Error('COMPOSIO_USER_ID is not set');

async function main() {
    const composio = new Composio({
        apiKey: composioApiKey as string,
        provider: new LangchainProvider()
    });

    const session = await composio.create(
        userId as string,
        {
            toolkits: ['bitwarden']
        }
    );

    const url = session.mcp.url;
    
    const client = new MultiServerMCPClient({
        "bitwarden-agent": {
            transport: "http",
            url: url,
            headers: {
                "x-api-key": process.env.COMPOSIO_API_KEY
            }
        }
    });
    
    const tools = await client.getTools();
  
    const agent = createAgent({ model: "gpt-5", tools });
    
    let conversationHistory: any[] = [];
    
    console.log("Chat started! Type 'exit' or 'quit' to end the conversation.\n");
    console.log("Ask any Bitwarden related question or task to the agent.\n");
    
    const rl = readline.createInterface({
        input: process.stdin,
        output: process.stdout,
        prompt: 'You: '
    });

    rl.prompt();

    rl.on('line', async (userInput: string) => {
        const trimmedInput = userInput.trim();
        
        if (['exit', 'quit', 'bye'].includes(trimmedInput.toLowerCase())) {
            console.log("\nGoodbye!");
            rl.close();
            process.exit(0);
        }
        
        if (!trimmedInput) {
            rl.prompt();
            return;
        }
        
        conversationHistory.push({ role: "user", content: trimmedInput });
        console.log("\nAgent is thinking...\n");
        
        const response = await agent.invoke({ messages: conversationHistory });
        conversationHistory = response.messages;
        
        const finalResponse = response.messages[response.messages.length - 1]?.content;
        console.log(`Agent: ${finalResponse}\n`);
        
        rl.prompt();
    });

    rl.on('close', () => {
        console.log('\nSession ended.');
        process.exit(0);
    });
}

main().catch((err) => {
    console.error('Fatal error:', err);
    process.exit(1);
});

Conclusion

You've successfully built a LangChain agent that can interact with Bitwarden through Composio's Tool Router.

Key features of this implementation:

  • Dynamic tool loading through Composio's Tool Router
  • Conversation history maintenance for context-aware responses
  • Async Python provides clean, efficient execution of agent workflows
You can extend this further by adding error handling, implementing specific business logic, or integrating additional Composio toolkits to create multi-app workflows.
TOOLS

Supported Tools

Every Bitwarden action and event your agent gets out of the box.

Delete Group

Tool to delete a group.

Delete Member

Tool to delete a specific organization member.

Get Group Member IDs

Tool to retrieve the list of member IDs for a specific Bitwarden group.

Get Organization Subscription

Tool to retrieve subscription details of the current organization.

Import Members and Groups

Tool to bulk import members and groups in a single request.

Reinvite Member

Tool to re-send an invitation to a pending or removed member.

Retrieve Group

Tool to retrieve details for a specific group.

Retrieve Member

Tool to retrieve details for a specific member.

Update Member

Tool to update an organization member’s admin status.

FRAMEWORKS

How to build Bitwarden MCP Agent with another framework

OpenAI Agents SDK logo

OpenAI Agents SDK

Use Bitwarden MCP with OpenAI Agents SDK

Claude Agent SDK logo

Claude Agent SDK

Use Bitwarden MCP with Claude Agent SDK

Claude Code logo

Claude Code

Use Bitwarden MCP with Claude Code

Claude Cowork logo

Claude Cowork

Use Bitwarden MCP with Claude Cowork

Codex logo

Codex

Use Bitwarden MCP with Codex

OpenClaw logo

OpenClaw

Use Bitwarden MCP with OpenClaw

Hermes logo

Hermes

Use Bitwarden MCP with Hermes

CLI logo

CLI

Use Bitwarden MCP with CLI

Google ADK logo

Google ADK

Use Bitwarden MCP with Google ADK

Vercel AI SDK logo

Vercel AI SDK

Use Bitwarden MCP with Vercel AI SDK

Mastra AI logo

Mastra AI

Use Bitwarden MCP with Mastra AI

LlamaIndex logo

LlamaIndex

Use Bitwarden MCP with LlamaIndex

CrewAI logo

CrewAI

Use Bitwarden MCP with CrewAI

FAQ

Frequently asked questions

With a standalone Bitwarden MCP server, the agents and LLMs can only access a fixed set of Bitwarden tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Bitwarden and many other apps based on the task at hand, all through a single MCP endpoint.

Yes, you can. LangChain fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Bitwarden tools.

Yes, absolutely. You can configure which Bitwarden scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.

All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Bitwarden data and credentials are handled as safely as possible.

Start with Bitwarden.It takes 30 seconds.

Managed auth, hosted MCP servers, and every Bitwarden tool your agent needs.Free to start.

Start building
Customer stories

Teams ship real agents on Composio

GET STARTED FOR FREEBOOK A DEMO
agent.aiZoomLettaGleanHubSpotAWSWabi

Karan skipped his own birthday party to fix our critical issue. It was 10pm and he diverted his Waymo to help us instead. This really sets the bar — it shows the commitment you need when users rely on your software.

Harsha Gaddipati
Harsha Gaddipati
Co-founder, Slashy

A lot of students tell us that the moment their connected tools start talking to each other inside Opennote feels almost magical. The agent just knows them, and it's immensely helped keep new users on the platform.

Abhi Arya
Abhi Arya
Co-founder, Opennote

We chose Composio over Pipedream because it delivered depth where it mattered — niche tools and tricky edge cases other platforms simply ignored. That gave us confidence to scale without compromising.

Nirman Dave
Nirman Dave
CEO, Zams

As a solo builder, shipping fast is life or death. The only way I can outcompete incumbents is by outmanoeuvring them. Getting bogged down managing agent auth would have been a death sentence.

Ryan Yu
Ryan Yu
Founder, Extra Thursday

Before Composio, adding tool integrations was slow and resource-intensive. Each one could take weeks of engineering time, and maintaining them meant constantly keeping up with API changes.

Tomisin Jenrola
Tomisin Jenrola
Founder & CEO, SwarmZero

With hands-on help from their founder, we integrated Gmail and Google Drive in just 30 minutes. This level of personal support and commitment is exactly what startups should strive for.

Jerome Leclanche
Jerome Leclanche
Co-Founder, Ingram Technologies