
The Terraform Bitwarden provider is a plugin for Terraform that lets you manage different kinds of Bitwarden resources.
This project is not associated with the Bitwarden project nor with 8bit Solutions LLC.
Supported Versions
The plugin has been tested and built with the following components:
The provider likely works with older versions but those haven't been tested.
Usage
The complete documentation for this provider can be found on the Terraform Registry docs.
```hcl
# Setting up the Provider
variable "bw_password" {
  type        = string
  description = "Bitwarden Master Key"
  sensitive   = true
}

variable "bw_client_id" {
  type        = string
  description = "Bitwarden Client ID"
  sensitive   = true
}

variable "bw_client_secret" {
  type        = string
  description = "Bitwarden Client Secret"
  sensitive   = true
}

terraform {
  required_providers {
    bitwarden = {
      source  = "maxlaverse/bitwarden"
      version = ">= 0.5.0"
    }
  }
}

provider "bitwarden" {
  master_password = var.bw_password
  client_id       = var.bw_client_id
  client_secret   = var.bw_client_secret
  email           = "test@laverse.net"
  server          = "https://vault.bitwarden.com"
}

# Managing Folders
resource "bitwarden_folder" "cloud_credentials" {
  name = "My Cloud Credentials"
}

# Managing Logins and Secure Notes
resource "random_password" "vpn_password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "bitwarden_item_login" "vpn_credentials" {
  folder_id = bitwarden_folder.cloud_credentials.id
  name      = "VPN Read Only User/Password Access"
  username  = "vpn-user"
  password  = random_password.vpn_password.result
}

resource "bitwarden_item_secure_note" "vpn_note" {
  folder_id = bitwarden_folder.cloud_credentials.id
  name      = "Notes on the preshared Secret"
  notes     = "It's 1234"
}

# Managing Attachments
# The attachment is stored on the login item defined above.
resource "bitwarden_attachment" "vpn_config" {
  file    = "./vpn_config.txt"
  item_id = bitwarden_item_login.vpn_credentials.id
}

# Using Login information
data "bitwarden_item_login" "mysql_credentials" {
  id = "ec4e447f-9aed-4203-b834-c8f3848828f7"
}

resource "kubernetes_secret" "database" {
  metadata {
    name = "database"
  }
  data = {
    username = data.bitwarden_item_login.mysql_credentials.username
    password = data.bitwarden_item_login.mysql_credentials.password
  }
}

# Using Attachments
data "bitwarden_attachment" "ssh_credentials" {
  id      = "4d6a41364d6a4dea8ddb1a"
  item_id = "59575167-4d36-5a58-466e-d9021926df8a"
}

resource "kubernetes_secret" "ssh" {
  metadata {
    name = "ssh"
  }
  data = {
    "private.key" = data.bitwarden_attachment.ssh_credentials.content
  }
}
```
See the examples directory for more examples.
Security Considerations
The Terraform Bitwarden provider relies entirely on the Bitwarden CLI to interact with Vaults.
When you ask Terraform to plan or apply changes, the provider downloads the encrypted Vault locally, exactly as the Bitwarden CLI would if you used it directly.
Currently, the Terraform SDK doesn't offer a way to remove the encrypted Vault once changes have been applied.
The issue hashicorp/terraform-plugin-sdk#63 tracks the discussion about adding such a feature.
If you want to find out more about this file, you can read Terraform's documentation on Data Storage.
Please note that this file is stored under `<your-project>/.bitwarden/` by default, in order not to interfere with your local Vaults.
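Because the provider cannot delete the cached Vault itself, the two practical mitigations are to keep the cache directory out of version control and to remove it once a run has finished. The following POSIX shell helpers are an added example for this README, not code shipped by the provider; they assume the default cache location described above (`<your-project>/.bitwarden/`) and that the project directory is passed as the first argument.

```shell
#!/bin/sh
# Added example (not part of the provider): guard the encrypted Vault cache
# that the provider leaves under <project>/.bitwarden/ (the default location).

# Return 0 when the project's .gitignore already excludes the cache directory.
vault_cache_ignored() {
  project="$1"
  [ -f "$project/.gitignore" ] || return 1
  # -x: whole-line match, -F: literal strings (a '.' would otherwise be a wildcard)
  grep -qxF -e '.bitwarden/' -e '.bitwarden' -e '/.bitwarden/' "$project/.gitignore"
}

# Add the ignore rule if it is missing; safe to call repeatedly.
ensure_vault_cache_ignored() {
  project="$1"
  vault_cache_ignored "$project" && return 0
  printf '%s\n' '.bitwarden/' >> "$project/.gitignore"
}

# Remove the cached Vault after a plan/apply; returns 0 once it is gone.
cleanup_vault_cache() {
  project="$1"
  cache="$project/.bitwarden"
  [ -d "$cache" ] || return 0
  rm -rf "$cache"
  [ ! -e "$cache" ]
}

# Wrapper: run a terraform command with the cache guarded, and clean up even
# when terraform fails. Usage: tf_with_vault_cleanup ./my-project apply
tf_with_vault_cleanup() {
  project="$1"; shift
  ensure_vault_cache_ignored "$project" || return 1
  if ( cd "$project" && terraform "$@" ); then
    status=0
  else
    status=$?
  fi
  cleanup_vault_cache "$project" || return 1
  return $status
}
```

`rm -rf` is a best-effort cleanup: the file was written to disk, so on a shared or persistent runner treat the directory as sensitive material and prefer ephemeral workspaces (a fresh CI job, a tmpfs) over relying on deletion alone. Note that the CLI keeps the Vault encrypted at rest, but the master password and API credentials passed to the provider are what unlock it, so scope those variables as `sensitive` (as in the usage example above) and keep them out of state dumps and logs.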
Developing the Provider
If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).
To compile the provider, run `go install`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
To generate or update documentation, run `go generate`.
In order to run the full suite of Acceptance tests, start a Vaultwarden server:
```shell
$ docker run -ti \
  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
  -e ADMIN_TOKEN=test1234 \
  -e LOGIN_RATELIMIT_SECONDS=1 \
  -e LOGIN_RATELIMIT_MAX_BURST=1000000 \
  -e ADMIN_RATELIMIT_SECONDS=1 \
  -e ADMIN_RATELIMIT_MAX_BURST=1000000 \
  -p 8080:80 vaultwarden/server
```
Then run `make testacc`.
```shell
$ make testacc
```
License
Distributed under the Mozilla License. See LICENSE for more information.