Securely retrieve secrets from Bitwarden Secrets Manager and use them in your Ansible playbooks.
The Bitwarden Secrets Manager Collection requires the bitwarden-sdk package. You can install it by running the following command:

```
pip install bitwarden-sdk
```
You can install the Bitwarden Secrets Manager Collection by running:

```
ansible-galaxy collection install bitwarden.secrets
```
Before running your playbook, you need to set the BWS_ACCESS_TOKEN environment variable:

```
# the line below will prevent lines with leading spaces from being saved to bash history
export HISTCONTROL=ignorespace
# the leading space in the line below keeps your access token out of bash history
 export BWS_ACCESS_TOKEN=<your_access_token>
```
Alternatively, you may supply the access token as a parameter to the bitwarden.secrets.lookup plugin:

```
- name: A simple example
  hosts: localhost
  vars_prompt:
    - name: "your_access_token"
      prompt: "Enter your Bitwarden access token"
      private: yes
  vars:
    some_secret: "{{ lookup('bitwarden.secrets.lookup', '<your_secret_id>', access_token=your_access_token) }}"
```
Note: We are using a vars_prompt to avoid storing the access token in the playbook. While there are many ways to pass the access token to the lookup plugin, we recommend against storing it in the playbook itself.
For more information on how to use the Bitwarden Secrets Manager Collection, see the documentation.
Once you've updated your playbook to use the Bitwarden Secrets Manager lookup plugin, you can run it with the ansible-playbook command:

```
ansible-playbook <path_to_your_playbook.yml>
```
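As an added example (not from the Bitwarden documentation or the collection itself), the playbook below fetches a secret with the lookup plugin, reads the access token from BWS_ACCESS_TOKEN as set above, and uses no_log so the retrieved value never appears in console output or logs. The secret id, the db_password variable names and the /tmp/app.env destination are placeholders chosen for this example.

```yaml
---
# Added example, not part of the Bitwarden docs. Assumes BWS_ACCESS_TOKEN is
# exported in the environment and <your_secret_id> is replaced with the id of
# a secret in Bitwarden Secrets Manager.
- name: Render an application config with a secret from Bitwarden Secrets Manager
  hosts: localhost
  gather_facts: false
  vars:
    # Placeholder: the id of the secret as shown in Secrets Manager
    db_password_secret_id: "<your_secret_id>"
  tasks:
    - name: Retrieve the database password from Secrets Manager
      ansible.builtin.set_fact:
        db_password: "{{ lookup('bitwarden.secrets.lookup', db_password_secret_id) }}"
      # no_log keeps the secret value out of task output, even with -v/-vvv
      no_log: true

    - name: Fail early if the lookup returned an empty value
      ansible.builtin.assert:
        that:
          - db_password | length > 0
        fail_msg: "Empty secret returned from Bitwarden Secrets Manager"
        quiet: true
      no_log: true

    - name: Write the application config with restrictive permissions
      ansible.builtin.copy:
        dest: /tmp/app.env
        mode: "0600"
        content: |
          DB_PASSWORD={{ db_password }}
      # the rendered content contains the secret, so suppress it in the diff/output too
      no_log: true
```

Without no_log, a task that sets or templates the secret will print it in verbose runs and in the diff shown by --diff, so apply it to every task that touches the value.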
If your Ansible controller is running macOS, you may need to set the following environment variable to avoid an error related to fork safety:

```
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
```

See "Running on macOS as a control node" and this GitHub issue for more details.