Hi everyone,
I’m using Ansible for provisioning VMs, and I leverage Bitwarden to fetch secrets (Ansible | Bitwarden Help Center).
During provisioning, some secrets are generated that need to be stored in Bitwarden using a machine account. However, I couldn’t find any Ansible tasks that support CRUD operations for secrets, projects, or organizations. Does anyone know if such a solution exists or have suggestions for achieving this?
Thanks in advance!
We’ve ended with running bw command as part of the shell ansible task:
something like this:
- name: Save secret in bitwarden
shell: |
bw get template item | \
jq " \
.name=\"secret namel\" | \
.organizationId=\"{{ bitwarden.orgId }}\" | \
.collectionIds=[ \"{{ vars['bitwarden']['collections']['example'] }}\" ] | \
.notes=null | \
.login=$(bw get template item.login | jq '.username="{{ user }}" | .password="{{ password }}" | .totp=null | .fido2Credentials=null | .uris=[{"match":1,"uri":"{{ url }}"}] ') | \
.fields=[ {\"name\":\"Name1\", \"value\":\"{{ value1 }}\", \"type\":0}, {\"name\":\"Name2\", \"value\":\"{{ value2 }}\", \"type\":0} ] \
" | bw encode | bw create item
delegate_to: localhost
It is important to authorize ansible to run bw withouth password prompt, so you need to run bw unlock and set BW_SESSION env variable before running ansible playbook.