-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: support Bitwarden Secrets Manager #427
Comments
@cortopy PR is weclome. |
I can create the PR, my only question is, the SDK needs musl-gcc and CGO_ENABLED, is it a problem @yxxhero ?
|
here a super simple example how to fetch a secret in the Bitwarden Secrets Manager - this can be easily adapted to vals. package main
import (
"fmt"
"os"
sdk "github.com/bitwarden/sdk-go"
"github.com/gofrs/uuid"
)
func main() {
apiURL := os.Getenv("API_URL")
if apiURL == "" {
apiURL = "https://api.bitwarden.com"
}
identityURL := os.Getenv("IDENTITY_URL")
if identityURL == "" {
identityURL = "https://identity.bitwarden.com"
}
bitwardenClient, _ := sdk.NewBitwardenClient(&apiURL, &identityURL)
accessToken := os.Getenv("ACCESS_TOKEN") // An Access Token from a "Machine account". Ensure you granted "Can read" to a project.
organizationIDStr := os.Getenv("ORGANIZATION_ID") // The Organization ID where the project is located. This is an UUID that you can find in the URL like: https://vault.bitwarden.com/#/sm/00000000-0000-0000-0000-000000000000, where 00000000-0000-0000-0000-000000000000 is the Organization ID.
projectName := os.Getenv("PROJECT_NAME")
secretName := os.Getenv("SECRET_NAME")
if projectName == "" || organizationIDStr == "" || secretName == "" || accessToken == "" {
panic("Environment variables required: ACCESS_TOKEN, ORGANIZATION_ID, PROJECT_NAME, SECRET_NAME")
}
err := bitwardenClient.AccessTokenLogin(accessToken, nil)
if err != nil {
panic(err)
}
organizationID, err := uuid.FromString(organizationIDStr)
if err != nil {
panic(err)
}
var projectID string
projectList, err := bitwardenClient.Projects().List(organizationID.String())
if err != nil {
panic(err)
}
for _, project := range projectList.Data {
if project.Name == projectName {
projectID = project.ID
}
}
secretsList, err := bitwardenClient.Secrets().List(organizationID.String())
if err != nil {
panic(err)
}
var secretValue string
for _, secret := range secretsList.Data {
if secret.Key == secretName {
s, err := bitwardenClient.Secrets().Get(secret.ID)
if err != nil {
panic(err)
}
if *s.ProjectID == projectID {
secretValue = s.Value
}
}
}
fmt.Println(secretValue)
defer bitwardenClient.Close()
} |
please make a PR, we will test it and review it accordingly @carnei-ro |
@zhaque44 PR opened |
I guess we should re-open this issue. |
It seems vals support Bitwarden Vault as a backend. However, Bitwarden also has a product called "secrets manager", which has its own SDK and CLI
I Just tried to get a secret using current implementation and I get that the secret is not found. This is probably because unlike the vault, Secrets Manager is accessed with machine access tokens and scoped permissions per "project".
The text was updated successfully, but these errors were encountered: