Enable Machine Accounts to Assign Users or Groups to Secrets Manager Projects via SDK/CLI

findyoucef · November 6, 2025, 4:37am

Hi Bitwarden Team,

In Secrets Manager, when a project is created using a machine access token (via SDK or CLI), there’s currently no way to assign users or groups to it — either during creation or afterward. This makes the project inaccessible in the Web Vault. We’re requesting support for:

Assigning users/groups to a project during creation via SDK/CLI.
Updating project membership post-creation via SDK/CLI.

This capability is critical for automation and scalable workflows in enterprise environments. Please let us know if this is planned or if there’s a workaround.

zenhighzer · February 13, 2026, 12:41pm

We’re running into the same issue in our PoC.

We create Secrets Manager projects automatically via bws (Machine Account) and provision secrets with Terraform. This works fine — but projects created by a Machine Account have no People/Groups assigned.

As a result, human users (even Org Admins/Owners) can see the project but cannot open or manage it, and therefore cannot grant access afterward.

This blocks fully automated workflows where humans need read access to generated secrets (e.g., admin passwords, break-glass scenarios).

Would be great to have API/CLI support for assigning Users/Groups to projects.