Add readme

2025-08-05 15:23:10 +02:00
1 changed files with 121 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -1 +1,121 @@
-# Warden
+# Auth Warden
 A Gitea Action for authenticating with Bitwarden and retrieving dynamic secrets for use in CI/CD workflows.
 ## Overview
 Auth Warden provides a secure way to authenticate with a Bitwarden server and dynamically retrieve secrets stored as secure notes, making them available as environment variables in your Gitea Actions workflow.
 ## Features
 - 🔐 Secure authentication with Bitwarden using API keys
 - 🌐 Support for custom Bitwarden servers
 - 📝 Retrieve secrets from Bitwarden secure notes
 - 🔄 Dynamic mapping of secrets to environment variables
 - 🛡️ Secure handling of sensitive data
 ## Usage
 ```yaml
 - name: Retrieve secrets from Bitwarden
  uses: ./path/to/auth-warden
  with:
    email: ${{ secrets.BITWARDEN_EMAIL }}
    password: ${{ secrets.BITWARDEN_PASSWORD }}
    server: https://your-bitwarden-server.com
    client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
    client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
    secrets: |
      secret-id-1 > DATABASE_URL
      secret-id-2 > API_KEY
      secret-id-3 > WEBHOOK_SECRET
 ```
 ## Inputs
 | Input | Description | Required | Default |
 |-------|-------------|----------|---------|
 | `email` | Bitwarden account email | Yes | - |
 | `password` | Bitwarden account password | Yes | - |
 | `server` | Bitwarden server URL | No | `${{ vars.WARDEN_URL }}` |
 | `client-id` | Bitwarden API client ID | Yes | - |
 | `client-secret` | Bitwarden API client secret | Yes | - |
 | `secrets` | List of secret mappings (format: `SECRET_ID > ENV_VAR`) | Yes | - |
 ## Secret Mapping Format
 The `secrets` input expects a multiline string where each line contains a mapping in the format:
 ```
 SECRET_ID > ENVIRONMENT_VARIABLE_NAME
 ```
 - `SECRET_ID`: The ID of the secure note in Bitwarden
 - `ENVIRONMENT_VARIABLE_NAME`: The name of the environment variable to create
 Example:
 ```yaml
 secrets: |
  db-connection-string > DATABASE_URL
  stripe-api-key > STRIPE_API_KEY
  jwt-secret > JWT_SECRET
 ```
 ## Prerequisites
 - Bitwarden CLI must be available in the runner environment
 - Valid Bitwarden account with API access configured
 - Secrets must be stored as secure notes in Bitwarden
 ## Security Considerations
 - Store all sensitive inputs (email, password, client-id, client-secret) as Gitea repository secrets
 - Use organization or repository variables for the server URL if it's not sensitive
 - The action automatically handles session management and cleanup
 - Retrieved secrets are securely added to the Gitea Actions environment
 ## Example Workflow
 ```yaml
 name: Deploy Application
 on: [push]
 jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Retrieve secrets
        uses: ./path/to/auth-warden
        with:
          email: ${{ secrets.BITWARDEN_EMAIL }}
          password: ${{ secrets.BITWARDEN_PASSWORD }}
          client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
          client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
          secrets: |
            database-url > DATABASE_URL
            api-key > API_KEY
      - name: Deploy
        run: |
          echo "Database URL is available as: $DATABASE_URL"
          echo "API Key is available as: $API_KEY"
          # Your deployment commands here
 ```
 ## Error Handling
 The action will:
 - Continue processing other secrets if one fails to retrieve
 - Log which secrets were successfully retrieved
 - Log errors for failed secret retrievals
 - Not fail the entire workflow if individual secrets cannot be retrieved
 ## Author
 Jamie Schouten
 ## License
 See repository license for details.