Go to file
Tobias Trabelsi 9b27191be3
All checks were successful
continuous-integration/drone/push Build is passing
silence pip warning
2022-09-14 22:58:48 +02:00
chart/bitwarden-crd-operator documentation and version alignement 2022-09-14 22:53:48 +02:00
.dockerignore wip 2022-09-04 23:21:33 +02:00
.drone.yml operator.py is reserved in kopf 2022-09-04 23:25:46 +02:00
.gitignore wrapping bitwarden cli to login and get an item 2022-09-12 23:03:28 +02:00
bitwarden-crd-operator.py fixed secret creation \o/ 2022-09-14 22:18:48 +02:00
CODE_OF_CONDUCT.md wrapping bitwarden cli to login and get an item 2022-09-12 23:03:28 +02:00
Dockerfile silence pip warning 2022-09-14 22:58:48 +02:00
example.yaml documentation and version alignement 2022-09-14 22:53:48 +02:00
LICENSE wrapping bitwarden cli to login and get an item 2022-09-12 23:03:28 +02:00
pyvenv.cfg wip 2022-09-04 23:21:33 +02:00
README.md added a small todo 2022-09-14 22:54:39 +02:00
requirements.txt trying to create secret from jinja template 2022-09-10 14:55:53 +02:00

Bitwarden CRD Operator

Build Status

Bitwarden CRD Operator is a kubernetes Operator based on kopf. The goal is to create kubernetes native secret objects from bitwarden.

DISCLAIMER:
This project is still very work in progress :)

Getting started

For now a few secrets need to be passed to helm. I will change this in the future to give the option to also use a kubernetes secret for this.

You will need a ClientID and ClientSecret (where to get these) as well as your password. Expose these to the operator as described in this example:

env:
  - name: BW_HOST
    value: "https://bitwarden.your.tld.org"
  - name: BW_CLIENTID
    value: "user.your-client-id"
  - name: BW_CLIENTSECRET
    value: "YoUrCliEntSecRet"
  - name: BW_PASSWORD
    value: "YourSuperSecurePassword"

BW_HOST can be omitted if you are using the Bitwarden SaaS offering.

After that it is a basic helm deployment:

kubectl create namespace bw-operator
helm upgrade --install --namespace bw-operator -f chart/bitwarden-crd-operator/values.yaml bw-operator chart/bitwarden-crd-operator

And you are set to create your first secret using this operator. For that you need to add a CRD Object like this to your cluster:

---
apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
kind: BitwardenSecret
metadata:
  name: name-of-your-management-object
spec:
  type: "UsernamePassword"
  id: "A Secret ID from bitwarden"
  name: "Name of the secret to be created"
  namespace: "Namespace of the secret to be created"

The ID can be extracted from the browser when you open a item the ID is in the URL. The resulting secret looks something like this:

apiVersion: v1
data:
  password: "base64 encoded password"
  username: "base64 encoded username"
kind: Secret
metadata:
  annotations:
    managed: bitwarden-secrets.lerentis.uploadfilter24.eu
    managedObject: bw-operator/test
  name: name-of-your-management-object
  namespace: default
type: Opaque

Short Term Roadmap

[] support more types
[] offer option to use a existing secret in helm chart
[] host chart on gh pages
[] write release pipeline
[] maybe extend spec to offer modification of keys as well