-
Notifications
You must be signed in to change notification settings - Fork 489
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add Bitwarden Secrets Manager adapter #1186
base: main
Are you sure you want to change the base?
Conversation
Thanks for the PR - @oandalib! I've made a few notes. I think also that we need to add support for projects (https://bitwarden.com/help/secrets-manager-cli/#project). We could use the
And also allow:
in case you wanted to fetch from multiple projects. |
Thanks for the comments. That looks useful to add, and I will do so. Do note that the CLI only supports getting secrets by an ID which is generated by Bitwarden Secrets Manager, and not via secret names. |
09cdccf
to
b3cb114
Compare
Once secrets are created, they are identified by a UUID. The only time you can pass in a project id (also a UUID) is when doing a list secrets operation for a specific project. I think Bitwarden Secrets Manager does a good job of separating and limiting access to specific secrets through a combination of projects and machine accounts. So I would propose this will be sufficient:
kamal secrets fetch --adapter bitwarden-sm *
kamal secrets fetch --adapter bitwarden-sm * --from <project-uuid>
kamal secrets fetch --adapter bitwarden-sm <secret-uuid-1> <secret-uuid-2> For 3, note that I can update the documentation ticket once we get closer to merging this. Let me know what you think with the new approach and changes! |
@oandalib I'm very much looking forward to this (and I don't think I am the only one). I just wanted to give you a heads up that there's now a conflict. |
a5d3626
to
ce647fb
Compare
Thanks for the heads up @janosrusiczki! I resolved the conflict and decided to use the keyword "all" rather than "*" for getting all of the secrets. Should be ready for you @djmb 😃 |
end | ||
|
||
def login(account) | ||
nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agh my review was stuck in pending 🙈, sorry!
Can we implement this method so it checks if you are logged in and prompts you to do so if you are not?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All good!
Added.
ce647fb
to
aa9fe4c
Compare
Bitwarden Secrets Manager has better access controls for exposing just the secrets needed for my project. It is an ideal alternative to using Bitwarden with my personal account where all of my other logins are also exposed, or creating a secondary Bitwarden account. They offer a free plan on top of your regular Bitwarden account which should be sufficient for most people -> https://bitwarden.com/products/secrets-manager/.
Due to Bitwarden Secrets Manager using a session token, I made the account field in the "fetch secrets" optional.
Docs PR: basecamp/kamal-site#145