Feature: support Bitwarden Secrets Manager

[cortopy]

It seems vals support Bitwarden Vault as a backend. However, Bitwarden also has a product called "secrets manager", which has its own SDK and CLI

I Just tried to get a secret using current implementation and I get that the secret is not found. This is probably because unlike the vault, Secrets Manager is accessed with machine access tokens and scoped permissions per "project".

[yxxhero]

@cortopy PR is weclome.

[carnei-ro]

I can create the PR, my only question is, the SDK needs musl-gcc and CGO_ENABLED, is it a problem @yxxhero ?

ref: https://github.com/bitwarden/sdk/blob/main/languages/go/INSTRUCTIONS.md#set-go-environment-info

[carnei-ro]

here a super simple example how to fetch a secret in the Bitwarden Secrets Manager - this can be easily adapted to vals.

package main

import (
	"fmt"
	"os"

	sdk "github.com/bitwarden/sdk-go"
	"github.com/gofrs/uuid"
)

func main() {
	apiURL := os.Getenv("API_URL")
	if apiURL == "" {
		apiURL = "https://api.bitwarden.com"
	}
	identityURL := os.Getenv("IDENTITY_URL")
	if identityURL == "" {
		identityURL = "https://identity.bitwarden.com"
	}

	bitwardenClient, _ := sdk.NewBitwardenClient(&apiURL, &identityURL)

	accessToken := os.Getenv("ACCESS_TOKEN") // An Access Token from a "Machine account". Ensure you granted "Can read" to a project.
	organizationIDStr := os.Getenv("ORGANIZATION_ID") // The Organization ID where the project is located. This is an UUID that you can find in the URL like: https://vault.bitwarden.com/#/sm/00000000-0000-0000-0000-000000000000, where 00000000-0000-0000-0000-000000000000 is the Organization ID.
	projectName := os.Getenv("PROJECT_NAME")
	secretName := os.Getenv("SECRET_NAME")

	if projectName == "" || organizationIDStr == "" || secretName == "" || accessToken == "" {
		panic("Environment variables required: ACCESS_TOKEN, ORGANIZATION_ID, PROJECT_NAME, SECRET_NAME")
	}

	err := bitwardenClient.AccessTokenLogin(accessToken, nil)
	if err != nil {
		panic(err)
	}

	organizationID, err := uuid.FromString(organizationIDStr)
	if err != nil {
		panic(err)
	}

	var projectID string

	projectList, err := bitwardenClient.Projects().List(organizationID.String())
	if err != nil {
		panic(err)
	}
	for _, project := range projectList.Data {
		if project.Name == projectName {
			projectID = project.ID
		}
	}

	secretsList, err := bitwardenClient.Secrets().List(organizationID.String())
	if err != nil {
		panic(err)
	}
	var secretValue string
	for _, secret := range secretsList.Data {
		if secret.Key == secretName {
			s, err := bitwardenClient.Secrets().Get(secret.ID)
			if err != nil {
				panic(err)
			}
			if *s.ProjectID == projectID {
				secretValue = s.Value
			}
		}
	}

	fmt.Println(secretValue)

	defer bitwardenClient.Close()
}

[zhaque44]

please make a PR, we will test it and review it accordingly @carnei-ro

[carnei-ro]

@zhaque44 PR opened

[carnei-ro]

I guess we should re-open this issue.