Storing Generated Secrets in Bitwarden with Ansible Using Machine Account

Hi everyone,

I’m using Ansible for provisioning VMs, and I leverage Bitwarden to fetch secrets (Ansible | Bitwarden Help Center).

During provisioning, some secrets are generated that need to be stored in Bitwarden using a machine account. However, I couldn’t find any Ansible tasks that support CRUD operations for secrets, projects, or organizations. Does anyone know if such a solution exists or have suggestions for achieving this?

Thanks in advance!

We’ve ended up running the bw command as part of a shell Ansible task, something like this:

- name: Save secret in bitwarden
  shell: |
    bw get template item | \
      jq " \
        .name=\"secret namel\" | \
        .organizationId=\"{{ bitwarden.orgId }}\" | \
        .collectionIds=[ \"{{ vars['bitwarden']['collections']['example'] }}\" ] | \
        .notes=null | \
        .login=$(bw get template item.login | jq '.username="{{ user }}" | .password="{{ password }}" | .totp=null | .fido2Credentials=null | .uris=[{"match":1,"uri":"{{ url }}"}] ') | \
        .fields=[ {\"name\":\"Name1\", \"value\":\"{{ value1 }}\", \"type\":0}, {\"name\":\"Name2\", \"value\":\"{{ value2 }}\", \"type\":0} ] \
      " | bw encode | bw create item
  delegate_to: localhost

It is important to authorize Ansible to run bw without a password prompt, so you need to run bw unlock and set the BW_SESSION env variable before running the Ansible playbook.
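
A hardened variant of the task above, as an added example that is not part of the original reply: the secret values are passed through the task's environment and read by jq as data, so they are never spliced into the shell script or the jq program text. It reuses the variable names from the task above; the item name and the `ITEM_*` / `BW_*` environment variable names are assumptions chosen for illustration.

```yaml
# Added example. Assumes bash and jq 1.5+ (for $ENV) on the controller,
# and BW_SESSION already exported as described in the reply above.
- name: Save secret in Bitwarden without templating values into the script
  ansible.builtin.shell: |
    set -euo pipefail
    # The login template contains no secrets, so it may travel as a jq argument.
    login_tpl=$(bw get template item.login)
    # Every templated value is read from the environment ($ENV.NAME). Quotes,
    # backslashes or $(...) inside a value stay plain string data and cannot
    # alter the jq filter or the shell command, and no secret shows up in the
    # process arguments.
    bw get template item | jq --argjson login "$login_tpl" '
        .name = $ENV.ITEM_NAME
      | .organizationId = $ENV.BW_ORG_ID
      | .collectionIds = [$ENV.BW_COLLECTION_ID]
      | .notes = null
      | .login = ($login
          | .username = $ENV.ITEM_USER
          | .password = $ENV.ITEM_PASSWORD
          | .totp = null
          | .fido2Credentials = null
          | .uris = [{match: 1, uri: $ENV.ITEM_URL}])
      | .fields = [
          {name: "Name1", value: $ENV.ITEM_VALUE1, type: 0},
          {name: "Name2", value: $ENV.ITEM_VALUE2, type: 0}
        ]
    ' | bw encode | bw create item
  args:
    executable: /bin/bash        # pipefail is a bash option
  environment:
    ITEM_NAME: "example secret"  # constructed item name
    BW_ORG_ID: "{{ bitwarden.orgId }}"
    BW_COLLECTION_ID: "{{ bitwarden.collections.example }}"
    ITEM_USER: "{{ user }}"
    ITEM_PASSWORD: "{{ password }}"
    ITEM_URL: "{{ url }}"
    ITEM_VALUE1: "{{ value1 }}"
    ITEM_VALUE2: "{{ value2 }}"
  no_log: true                   # keep the values and bw's output out of Ansible logs
  delegate_to: localhost
```

With `pipefail` set, a failure in `bw get template`, `jq` or `bw encode` fails the task instead of being masked by the exit status of the last command in the pipeline.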