Rate limit exceeded error on high number of Bitwarden CLI calls using Terraform

We use Terraform to manage Bitwarden credentials.
The way Terraform works is it stores the state of resources and compares the actual state via api calls and resources defined in code to provide a plan on what should happen. (What is Terraform | Terraform | HashiCorp Developer)
You can ‘apply’ the login items defined in code using terraform apply. This results in a high number of API calls via the Bitwarden CLI to discover what the current state of the resources is (bw list, bw get), so afterwards it can perform correcting changes by executing a number of other Bitwarden CLI commands to correct issues (bw update, bw create).

I’m running against an issue where midway through applying the code the provider errors out with ‘Rate limit exceeded’.

I’ve tried searching for this error in the Bitwarden docs, the source code for the Terraform Bitwarden provider and in the Bitwarden github repos, but have not found any information on it. I can only assume Bitwarden did not expect people to use tools like Terraform to manage secrets in its product.

Since the high number of cli/api calls is endemic to Terraform, I’d like to know:

  • If there even is a rate limit imposed by Bitwarden CLI or API or the issue lies somewhere else.
  • If the rate limit does exist; why it exists.
  • If the rate limit does exist; if we can increase it for our organization.

More evidence and technical info can be found in an issue I created on the Terraform Provider for Bitwarden: Receiving 'Rate limit exceeded' error on high number of api calls · Issue #61 · maxlaverse/terraform-provider-bitwarden · GitHub

The following issues on this community forum may be related but are unsolved: (I had to remove these links because new users are only allowed to have 2 links in their post.)

I don’t know the answers to your question, but I wouldn’t be surprised if a rate limit exists to protect against DDOS attacks. I know that rate limiting is used for the login/authentication process.

I suspect that the only way to increase the rate limit is to switch to an on-prem (self-hosted) server, which will give you more control over the server configuration.

P.S. Try to send me the additional links in a private message — I may be able to add them into your OP.

Not really an answer on the rate-limit, though getting some further detail on this would be nice especially in the official documentation.

Though as far as secret management goes, you may be interested in joining the waitlist for the Bitwarden secrets manager, which will be specifically for secrets management akin to Hashicorp Vault and other secret management platforms for DevOps to leverage.

As I understand this is being worked on by the team and should be coming hopefully soon, I’m sure they would also be open to any feedback once it’s rolled out on integration with products like Terraform, Ansible, etc. :slightly_smiling_face:

1 Like

In the meantime, feel free to reach out to the support team with the details you’ve provided.