Skip to main content
Passwork LogoPasswork LogoUser guides
search
7.0arrow
search
Version: 7.0

Passwork CLI

Passwork CLI is a command-line tool for retrieving passwords from Passwork and securely working with them using scripts, automation, and CI/CD.

Main operating modes

  • exec — retrieves passwords from items or shortcuts, places them in environment variables, and runs the specified command with these variables.
  • get — retrieves field value from item or shortcut, decrypts it locally and redirects it to STDOUT.
  • update — safely updates a field of an item or a shortcut via CLI.
  • api — allows to execute any Passwork API method and receive a response in JSON format.

What Passwork CLI is used for

  • Secure connection to databases and services — passwords are not saved to disk, don't appear in command history, and are substituted only during command execution.
  • Deployment automation and CI/CD — secrets from Passwork are automatically available in pipelines.
  • Server administration — tasks are performed using temporary environment variables.
  • Integration with DevOps tools — quick password retrieval for scripts, Ansible, Terraform, and other tools.

Additional Passwork CLI benefits

  • Access to passwords only during process execution
  • Self-signed certificate support
  • Flexible item filtering by tags, folders, vaults
  • All data is encrypted on the client side (when client-side encryption mode is enabled)

Installation

You can install the package directly from Github:

pip install git+ssh://[email protected]:passwork-me/passwork-python.git

or

pip install git+https://github.com/passwork-me/passwork-python.git

Usage Examples

EXEC mode — execute commands with specified environment variables

Starting a database with password from an item:

passwork-cli exec --password-id "db_password_id" \
  mysql -u admin -h localhost -p"$DB_PASSWORD" database_name

GET mode — data retrieval

Retrieve password from element by ID:

passwork-cli get --password-id "68793e13dfc88d879e0f2e39"

UPDATE mode — updating data

Update password in an element:

passwork-cli update \
  --password-id "68793e13dfc88d879e0f2e39" \
  --password "new-password-value"

API mode — direct API calls

Get a list of all vaults:

passwork-cli api --method GET --endpoint "v1/vaults"
warning

It's recommended to use environment variables for storing tokens and master keys

Technical Documentation

Review the technical documentation for Passwork CLI
© 2014–2025 Passwork LLC
Company
About usPrivacy policyISO 27001 certificateRelease notesRoadmapBlog
Browser extension
Google ChromeMozilla FirefoxMicrosoft EdgeApple Safari
Mobile application
App StoreGoogle Play
For business
TeamsSmall businessBusiness and corporatesEnterpriseOn-premise solutionPassword sharing toolSecret management
Help
User manualTechnical documentationHelp center