|
|
@@ -6,21 +6,12 @@ A Gitea Action for authenticating with Bitwarden and retrieving dynamic secrets
|
|
|
|
|
|
|
|
|
|
|
|
Auth Warden provides a secure way to authenticate with a Bitwarden server and dynamically retrieve secrets stored as secure notes, making them available as environment variables in your Gitea Actions workflow.
|
|
|
|
Auth Warden provides a secure way to authenticate with a Bitwarden server and dynamically retrieve secrets stored as secure notes, making them available as environment variables in your Gitea Actions workflow.
|
|
|
|
|
|
|
|
|
|
|
|
## Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- 🔐 Secure authentication with Bitwarden using API keys
|
|
|
|
|
|
|
|
- 🌐 Support for custom Bitwarden servers
|
|
|
|
|
|
|
|
- 📝 Retrieve secrets from Bitwarden secure notes
|
|
|
|
|
|
|
|
- 🔄 Dynamic mapping of secrets to environment variables
|
|
|
|
|
|
|
|
- 🛡️ Secure handling of sensitive data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
```yaml
|
|
|
|
- name: Retrieve secrets from Bitwarden
|
|
|
|
- name: Retrieve secrets from Bitwarden
|
|
|
|
uses: ./path/to/auth-warden
|
|
|
|
uses: ./path/to/auth-warden
|
|
|
|
with:
|
|
|
|
with:
|
|
|
|
email: ${{ secrets.BITWARDEN_EMAIL }}
|
|
|
|
|
|
|
|
password: ${{ secrets.BITWARDEN_PASSWORD }}
|
|
|
|
password: ${{ secrets.BITWARDEN_PASSWORD }}
|
|
|
|
server: https://your-bitwarden-server.com
|
|
|
|
server: https://your-bitwarden-server.com
|
|
|
|
client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
|
|
|
|
client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
|
|
|
@@ -34,8 +25,7 @@ Auth Warden provides a secure way to authenticate with a Bitwarden server and dy
|
|
|
|
## Inputs
|
|
|
|
## Inputs
|
|
|
|
|
|
|
|
|
|
|
|
| Input | Description | Required | Default |
|
|
|
|
| Input | Description | Required | Default |
|
|
|
|
|-------|-------------|----------|---------|
|
|
|
|
|-----------------|---------------------------------------------------------|----------|--------------------------|
|
|
|
|
| `email` | Bitwarden account email | Yes | - |
|
|
|
|
|
|
|
|
| `password` | Bitwarden account password | Yes | - |
|
|
|
|
| `password` | Bitwarden account password | Yes | - |
|
|
|
|
| `server` | Bitwarden server URL | No | `${{ vars.WARDEN_URL }}` |
|
|
|
|
| `server` | Bitwarden server URL | No | `${{ vars.WARDEN_URL }}` |
|
|
|
|
| `client-id` | Bitwarden API client ID | Yes | - |
|
|
|
|
| `client-id` | Bitwarden API client ID | Yes | - |
|
|
|
@@ -87,9 +77,8 @@ jobs:
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
|
|
|
|
|
|
|
|
- name: Retrieve secrets
|
|
|
|
- name: Retrieve secrets
|
|
|
|
uses: ./path/to/auth-warden
|
|
|
|
uses: https://git.qlic.nl/actions/warden@v1
|
|
|
|
with:
|
|
|
|
with:
|
|
|
|
email: ${{ secrets.BITWARDEN_EMAIL }}
|
|
|
|
|
|
|
|
password: ${{ secrets.BITWARDEN_PASSWORD }}
|
|
|
|
password: ${{ secrets.BITWARDEN_PASSWORD }}
|
|
|
|
client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
|
|
|
|
client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
|
|
|
|
client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
|
|
|
|
client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
|
|
|
@@ -103,19 +92,3 @@ jobs:
|
|
|
|
echo "API Key is available as: $API_KEY"
|
|
|
|
echo "API Key is available as: $API_KEY"
|
|
|
|
# Your deployment commands here
|
|
|
|
# Your deployment commands here
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## Error Handling
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The action will:
|
|
|
|
|
|
|
|
- Continue processing other secrets if one fails to retrieve
|
|
|
|
|
|
|
|
- Log which secrets were successfully retrieved
|
|
|
|
|
|
|
|
- Log errors for failed secret retrievals
|
|
|
|
|
|
|
|
- Not fail the entire workflow if individual secrets cannot be retrieved
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Author
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Jamie Schouten
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## License
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
See repository license for details.
|
|
|
|
|
|
|
|
jamie
