This repository contains a container image intended to be used as a Bitwarden "server" for external-secrets.
The environment variables should be pretty much self-explanatory:
- BW_USERNAME
- BW_PASSWORD
- BW_PASSWORD_FILE - defaults to /secrets/BW_PASSWORD - this is recommended over the BW_PASSWORD envvar
- BW_SERVER - defaults to whatever the Bitwarden CLI sets as a default
- BW_PORT - defaults to 8087
Follow the guide provided in the docs for external-secrets found here:
https://external-secrets.io/latest/examples/bitwarden
It is highly recommended to deploy a network policy with this, otherwise the unlocked vault will be accessible by the entire cluster!
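A network policy of the kind recommended above, as an added example that is not part of this repository. The namespace names and pod labels are assumptions and must be changed to match the actual deployment; the port is the BW_PORT default.

```yaml
# Added example, not from this repository. Assumed names: namespace
# "bitwarden", pod label app.kubernetes.io/name=bitwarden-cli, and
# external-secrets running in namespace "external-secrets" with the
# pod label app.kubernetes.io/name=external-secrets.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: bitwarden-cli-ingress
  namespace: bitwarden
spec:
  # Select only the pod(s) serving the unlocked vault.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: bitwarden-cli
  # Once a pod is selected for Ingress, any connection not listed
  # under "ingress" below is denied.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the same list item are
        # ANDed: the peer must be an external-secrets pod in that namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: external-secrets
          podSelector:
            matchLabels:
              app.kubernetes.io/name: external-secrets
      ports:
        - protocol: TCP
          port: 8087  # BW_PORT default
```

The policy only takes effect if the cluster's CNI plugin enforces NetworkPolicy. A health check that calls 127.0.0.1 from inside the container stays on loopback and is not blocked by it.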
Substitute this image: ghcr.io/p3lim/bitwarden-cli:VERSION
See the latest version tags here:
https://github.com/p3lim/bitwarden-cli/pkgs/container/bitwarden-cli
To sync the vault on an interval, set up a health check with the following:
wget -q 'http://127.0.0.1:8087/sync?force=true' --post-data='' || exit 1