In our Security by Design setup we’d like to be able to use Bitwarden (CLI, API) in our automation according to least privilege.
One way would be to allow multiple API keys per user (or org?) and be able to give these limited scope; e.g. only one collection and/or one or more secrets.
As only read-only access is required here, ideally that would be an option too (read-only, read/write, admin = incl. create/delete).
E.g. if a system is only allowed to update our monitoring, we could create an API key for that system that can read our monitoring credentials (in a separate collection).