Add readme

2025-08-05 15:23:10 +02:00
1 changed files with 121 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -1 +1,121 @@
-# Warden
+# Auth Warden
+
+A Gitea Action for authenticating with Bitwarden and retrieving dynamic secrets for use in CI/CD workflows.
+
+## Overview
+
+Auth Warden provides a secure way to authenticate with a Bitwarden server and dynamically retrieve secrets stored as secure notes, making them available as environment variables in your Gitea Actions workflow.
+
+## Features
+
+- 🔐 Secure authentication with Bitwarden using API keys
+- 🌐 Support for custom Bitwarden servers
+- 📝 Retrieve secrets from Bitwarden secure notes
+- 🔄 Dynamic mapping of secrets to environment variables
+- 🛡️ Secure handling of sensitive data
+
+## Usage
+
+```yaml
+- name: Retrieve secrets from Bitwarden
+  uses: ./path/to/auth-warden
+  with:
+    email: ${{ secrets.BITWARDEN_EMAIL }}
+    password: ${{ secrets.BITWARDEN_PASSWORD }}
+    server: https://your-bitwarden-server.com
+    client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
+    client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
+    secrets: |
+      secret-id-1 > DATABASE_URL
+      secret-id-2 > API_KEY
+      secret-id-3 > WEBHOOK_SECRET
+```
+
+## Inputs
+
+| Input | Description | Required | Default |
+|-------|-------------|----------|---------|
+| `email` | Bitwarden account email | Yes | - |
+| `password` | Bitwarden account password | Yes | - |
+| `server` | Bitwarden server URL | No | `${{ vars.WARDEN_URL }}` |
+| `client-id` | Bitwarden API client ID | Yes | - |
+| `client-secret` | Bitwarden API client secret | Yes | - |
+| `secrets` | List of secret mappings (format: `SECRET_ID > ENV_VAR`) | Yes | - |
+
+## Secret Mapping Format
+
+The `secrets` input expects a multiline string where each line contains a mapping in the format:
+
+```
+SECRET_ID > ENVIRONMENT_VARIABLE_NAME
+```
+
+- `SECRET_ID`: The ID of the secure note in Bitwarden
+- `ENVIRONMENT_VARIABLE_NAME`: The name of the environment variable to create
+
+Example:
+```yaml
+secrets: |
+  db-connection-string > DATABASE_URL
+  stripe-api-key > STRIPE_API_KEY
+  jwt-secret > JWT_SECRET
+```
+
+## Prerequisites
+
+- Bitwarden CLI must be available in the runner environment
+- Valid Bitwarden account with API access configured
+- Secrets must be stored as secure notes in Bitwarden
+
+## Security Considerations
+
+- Store all sensitive inputs (email, password, client-id, client-secret) as Gitea repository secrets
+- Use organization or repository variables for the server URL if it's not sensitive
+- The action automatically handles session management and cleanup
+- Retrieved secrets are securely added to the Gitea Actions environment
+
+## Example Workflow
+
+```yaml
+name: Deploy Application
+on: [push]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Retrieve secrets
+        uses: ./path/to/auth-warden
+        with:
+          email: ${{ secrets.BITWARDEN_EMAIL }}
+          password: ${{ secrets.BITWARDEN_PASSWORD }}
+          client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
+          client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
+          secrets: |
+            database-url > DATABASE_URL
+            api-key > API_KEY
+      
+      - name: Deploy
+        run: |
+          echo "Database URL is available as: $DATABASE_URL"
+          echo "API Key is available as: $API_KEY"
+          # Your deployment commands here
+```
+
+## Error Handling
+
+The action will:
+- Continue processing other secrets if one fails to retrieve
+- Log which secrets were successfully retrieved
+- Log errors for failed secret retrievals
+- Not fail the entire workflow if individual secrets cannot be retrieved
+
+## Author
+
+Jamie Schouten
+
+## License
+
+See repository license for details.