Can Machines create/save new Secrets in Secrets Manager and/or to Organization Collections?

Hi All,

Evaluating Secrets Manager for wider use in my org. Here’s my scenario:

  1. Using GitHub Actions to deploy services in the cloud, with secrets stored in Secrets Manager (using machine/access key to retrieve) - works great.
  2. During deploy, new random secrets are created for accessing data/telemetry/items created by the process.

For the resultant data in #2, I’d like to store these securely in Bitwarden. Ideally, I’d like to make them available to other users. For example, think of these runners creating a “lab”, and these are the usernames/passwords/hostnames to access lab resources.

My questions are as follows:

  1. Can Secrets Manager machines create secrets in Secrets Manager? If so - there’s no obvious info on it that I can find.
  2. Can Secrets Manager machines create secrets in Bitwarden Password Manager organization collections? I believe the answer to this is “no” out of the box.

From my research, it seems the only way I can share these secrets securely with Bitwarden products would be to somehow hack together a “service account” pseudo-machine entity in Bitwarden Password Manager, put those credentials in Secrets Manager, then have the runner update Password Manager.

To me, this defeats the whole purpose of “Secrets Manager” though - as, if I “basically recreate” Secrets Manager machines by hacking together a pseudo user/service account in Password Manager, why would we pay extra for Secrets Manager?

Hoping there is a better solution!

Following up - I didn’t find a good solution to this natively in GitHub Actions.

However, I was already using OpenTofu (Terraform) for deployments in Actions, and I was able to use Maxlaverse’s Terraform Bitwarden module to create new secrets programmatically in the GitHub Action.

Basically, it required me to pass the BWS Access Token as an environment variable when running the tofu apply, which allowed me to create actions to upload secrets during the run.

Still need to find a way to take secrets from here and sync to Password Manager. But worst case, if I can find a “service” solution for Bitwarden PW manager, I could run a job to copy using Maxlaverse’s Bitwarden provider above.

If any better solutions exist, let me know!
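
The approach described in the follow-up, sketched as an added example that is not part of the original posts or the provider's own documentation: an OpenTofu configuration that generates a lab credential and writes it to Secrets Manager. It assumes the maxlaverse/bitwarden provider exposes a `bitwarden_secret` resource and reads the machine account token from `BWS_ACCESS_TOKEN`; the variable `lab_project_id` and all resource and secret names are hypothetical.

```hcl
# Added example, not from the thread. Provider, resource and attribute names
# are assumptions; verify them against the provider version you pin.
terraform {
  required_providers {
    bitwarden = {
      source = "maxlaverse/bitwarden"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

# No access_token here: the provider is assumed to read it from the
# BWS_ACCESS_TOKEN environment variable set by the workflow, so the token
# never appears in the repository.
provider "bitwarden" {
  experimental {
    embedded_client = true # assumption: may be required on some provider versions
  }
}

# Hypothetical variable: ID of an existing Secrets Manager project on which
# the machine account has write access.
variable "lab_project_id" {
  type = string
}

# Generated at apply time. The result is redacted in plan output but is
# stored in plaintext in the state file.
resource "random_password" "lab_admin" {
  length  = 32
  special = true
}

resource "bitwarden_secret" "lab_admin_password" {
  key        = "LAB_ADMIN_PASSWORD" # hypothetical secret name
  value      = random_password.lab_admin.result
  project_id = var.lab_project_id
  note       = "Created by the deploy workflow"
}
```

Because the generated value also lands in the OpenTofu state, the state backend needs the same access controls as the Secrets Manager project. Granting the machine account write access to that one project only keeps a leaked token from touching other secrets.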