Bitwarden Secrets Manager GitHub Action

GitHub action for retrieving secrets from Bitwarden Secrets Manager
v2.1.0 (Latest)

Use Bitwarden Secrets in GitHub Actions

The Bitwarden sm-action repository contains the source code for the Secrets Manager GitHub Action.

Use the GitHub action, bitwarden/sm-action, to retrieve secrets from the Bitwarden Secrets Manager for use inside GitHub Actions.

The bitwarden/sm-action step adds the retrieved secrets as masked environment variables inside the GitHub Actions job that runs it.

Review GitHub's recommendations for security hardening GitHub Actions when using sensitive secrets.

Usage

To use the action, add a step to your GitHub workflow using the following syntax:

- name: Step name
  uses: bitwarden/sm-action@v1
  with:
    access_token: ${{ secrets.ACCESS_TOKEN }}
    secrets: |
      SECRET_ID > ENVIRONMENT_VARIABLE_NAME

Parameters

  • access_token

    The machine account access token for retrieving secrets.

    Use GitHub's encrypted secrets to store and retrieve machine account access tokens securely.

  • secrets

    One or more secret IDs to retrieve, each with the GitHub environment variable name to set.

    GitHub environment variables have stricter naming requirements than Bitwarden secrets, so bitwarden/sm-action requires an explicit environment variable name for each retrieved secret, in the following format:

    secrets: |
      SECRET_ID > ENVIRONMENT_VARIABLE_NAME

    Example

    secrets: |
      00000000-0000-0000-0000-000000000000 > TEST_EXAMPLE

  • cloud_region

    (Optional) For use with the cloud-hosted services at either https://vault.bitwarden.com or https://vault.bitwarden.eu.

    The default value is us, the region for https://vault.bitwarden.com.

    To use https://vault.bitwarden.eu, set the value to eu.

  • base_url

    (Optional) For self-hosted Bitwarden instances, provide your base URL, e.g. https://your.domain.com.

    If this optional parameter is provided, the identity_url and api_url parameters are not required.

    The GitHub action will use BASE_URL/identity and BASE_URL/api for the identity and API endpoints.

  • identity_url

    (Optional) For self-hosted Bitwarden instances, provide your identity endpoint, e.g. https://your.domain.com/identity.

    Depending on the cloud_region setting, the default value is https://identity.bitwarden.com for us (default) or https://identity.bitwarden.eu for eu.

  • api_url

    (Optional) For self-hosted Bitwarden instances, provide your API endpoint, e.g. https://your.domain.com/api.

    Depending on the cloud_region setting, the default value is https://api.bitwarden.com for us (default) or https://api.bitwarden.eu for eu.

Examples

- name: Get Secrets
  uses: bitwarden/sm-action@v1
  with:
    access_token: ${{ secrets.ACCESS_TOKEN }}
    secrets: |
      00000000-0000-0000-0000-000000000000 > TEST_EXAMPLE
      bdbb16bc-0b9b-472e-99fa-af4101309076 > TEST_EXAMPLE_2

Environment variables created:

TEST_EXAMPLE: SECRET_VALUE_FOR_00000000-0000-0000-0000-000000000000
TEST_EXAMPLE_2: SECRET_VALUE_FOR_bdbb16bc-0b9b-472e-99fa-af4101309076

Example usage

- name: Get Secrets
  uses: bitwarden/sm-action@v1
  with:
    access_token: ${{ secrets.ACCESS_TOKEN }}
    cloud_region: eu
    secrets: |
      00000000-0000-0000-0000-000000000000 > TEST_EXAMPLE
- name: Use Secret
  run: example-command "$TEST_EXAMPLE"
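The `SECRET_ID > ENVIRONMENT_VARIABLE_NAME` input format and the masking behaviour described above, as an added TypeScript illustration that is not bitwarden/sm-action's own code: it parses the `secrets` lines, validates both sides with a line number in every error, and registers each value for masking before exporting it. It assumes secret IDs are UUIDs (as in the README's examples), applies GitHub's variable naming rules (letters, digits and underscores, no leading digit, no GITHUB_ or RUNNER_ prefix), and uses an in-memory `runner` object in place of @actions/core and a `fetch` callback in place of the Secrets Manager client.

```typescript
// Added illustration, not bitwarden/sm-action's own code.
interface SecretMapping { secretId: string; envName: string; }

// Bitwarden secret IDs are UUIDs (assumption based on the examples in this README).
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// GitHub variable names: letters, digits and underscores, no leading digit.
const ENV_NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
// Prefixes GitHub reserves for its default variables (assumed to be rejected here).
const RESERVED_PREFIXES = ["GITHUB_", "RUNNER_"];

// Parse the multi-line `secrets` input ("SECRET_ID > ENV_NAME" per line), reporting
// each problem with its line number; nothing is exported until all lines validate.
function parseSecretsInput(input: string): SecretMapping[] {
  const mappings: SecretMapping[] = [];
  const seen = new Set<string>();
  input.split(/\r?\n/).forEach((rawLine, idx) => {
    const line = rawLine.trim();
    if (line === "") return; // blank lines are ignored
    const at = `line ${idx + 1}`;
    const sep = line.indexOf(">");
    if (sep < 0 || line.indexOf(">", sep + 1) >= 0) {
      throw new Error(`${at}: expected exactly one '>' separator`);
    }
    const secretId = line.slice(0, sep).trim();
    const envName = line.slice(sep + 1).trim();
    if (!UUID_RE.test(secretId)) throw new Error(`${at}: '${secretId}' is not a valid secret ID`);
    if (!ENV_NAME_RE.test(envName)) throw new Error(`${at}: '${envName}' is not a valid variable name`);
    const upper = envName.toUpperCase();
    if (RESERVED_PREFIXES.some((p) => upper.startsWith(p))) {
      throw new Error(`${at}: '${envName}' uses a reserved prefix`);
    }
    // Variable names are case-insensitive on Windows runners, so compare uppercased.
    if (seen.has(upper)) throw new Error(`${at}: '${envName}' is mapped more than once`);
    seen.add(upper);
    mappings.push({ secretId, envName });
  });
  return mappings;
}

// Register each fetched value for log masking *before* exporting it, so no later log
// line can print it unmasked. `runner` stands in for @actions/core (setSecret /
// exportVariable) and `fetch` for the Secrets Manager client; both are assumptions.
function exportMasked(mappings: SecretMapping[], fetch: (id: string) => string,
                      runner: { masked: string[]; env: Record<string, string> }): void {
  for (const m of mappings) {
    const value = fetch(m.secretId);
    runner.masked.push(value);
    runner.env[m.envName] = value;
  }
}
```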

Developing Bitwarden sm-action

Run Locally

Install the dependencies

$ npm install

Run formatter and lint

$ npm run prettier && npm run lint

Run the tests ✔️

$ npm test

Prepare Source for Distribution

GitHub recommends using a tool called @vercel/ncc to compile code and modules into one file used for distribution.

  • Package the TypeScript for distribution:

    $ npm run bundle

Bitwarden Secrets Manager GitHub Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
