2025-08-05 15:28:32 +02:00

Auth Warden

A Gitea Action for authenticating with Bitwarden and retrieving dynamic secrets for use in CI/CD workflows.

Overview

Auth Warden provides a secure way to authenticate with a Bitwarden server and dynamically retrieve secrets stored as secure notes, making them available as environment variables in your Gitea Actions workflow.

Usage

- name: Retrieve secrets from Bitwarden
  uses: https://git.qlic.nl/actions/warden@v1
  with:
    password: ${{ secrets.BITWARDEN_PASSWORD }}
    server: https://your-bitwarden-server.com
    client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
    client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
    secrets: |
      secret-id-1 > DATABASE_URL
      secret-id-2 > API_KEY
      secret-id-3 > WEBHOOK_SECRET

Inputs

| Input | Description | Required | Default |
| --- | --- | --- | --- |
| password | Bitwarden account password | Yes | - |
| server | Bitwarden server URL | No | ${{ vars.WARDEN_URL }} |
| client-id | Bitwarden API client ID | Yes | - |
| client-secret | Bitwarden API client secret | Yes | - |
| secrets | List of secret mappings (format: SECRET_ID > ENV_VAR) | Yes | - |

Secret Mapping Format

The secrets input expects a multiline string where each line contains a mapping in the format:

SECRET_ID > ENVIRONMENT_VARIABLE_NAME
  • SECRET_ID: The ID of the secure note in Bitwarden
  • ENVIRONMENT_VARIABLE_NAME: The name of the environment variable to create

Example:

secrets: |
  db-connection-string > DATABASE_URL
  stripe-api-key > STRIPE_API_KEY
  jwt-secret > JWT_SECRET

Prerequisites

  • Bitwarden CLI must be available in the runner environment
  • Valid Bitwarden account with API access configured
  • Secrets must be stored as secure notes in Bitwarden

Security Considerations

  • Store all sensitive inputs (password, client-id, client-secret) as Gitea repository secrets
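
One way a `SECRET_ID > ENV_VAR` mapping can be resolved without leaking or mis-assigning values, shown as an added example that is not the Auth Warden source. The function names `fetch_note`, `trim` and `export_secrets` are hypothetical; the sketch assumes an already unlocked Bitwarden CLI session (`bw get notes`) and a runner that honors the GitHub Actions-compatible `$GITHUB_ENV` file and `::add-mask::` command.

```shell
#!/bin/sh
# Added example, not the Auth Warden source.

# Assumption: notes are read with the Bitwarden CLI from an already unlocked session.
fetch_note() { bw get notes "$1" </dev/null; }

trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# export_secrets MAPPINGS ENV_FILE
# Resolves each "SECRET_ID > ENV_VAR" line, masks the value in the job log and
# appends it to ENV_FILE (the runner's $GITHUB_ENV). Returns 1 on the first bad line.
export_secrets() {
  mappings=$1 env_file=$2
  while IFS= read -r line; do
    line=$(trim "$line")
    if [ -z "$line" ]; then continue; fi
    case $line in
      *">"*) ;;
      *) echo "invalid mapping (no '>'): $line" >&2; return 1 ;;
    esac
    id=$(trim "${line%%>*}")
    name=$(trim "${line#*>}")
    # Only plain identifiers are accepted as variable names.
    case $name in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
        echo "invalid variable name in: $line" >&2; return 1 ;;
    esac
    if [ -z "$id" ]; then echo "missing secret id in: $line" >&2; return 1; fi
    value=$(fetch_note "$id") || { echo "cannot read note: $id" >&2; return 1; }
    # Mask every non-empty line of the value so it is redacted from later log output.
    printf '%s\n' "$value" | while IFS= read -r part; do
      if [ -n "$part" ]; then echo "::add-mask::$part"; fi
    done
    # A random delimiter keeps a multi-line note from ending the block early
    # and defining extra variables in the env file.
    delim="EOF_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
    { echo "$name<<$delim"; printf '%s\n' "$value"; echo "$delim"; } >> "$env_file"
  done <<EOF
$mappings
EOF
}
```

In a workflow step this would be called as `export_secrets "$MAPPINGS" "$GITHUB_ENV"`, where `MAPPINGS` (an assumed variable name) holds the `secrets` input.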

Example Workflow

name: Deploy Application
on: [push]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Retrieve secrets
        uses: https://git.qlic.nl/actions/warden@v1
        with:
          password: ${{ secrets.BITWARDEN_PASSWORD }}
          client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
          client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
          secrets: |
            database-url > DATABASE_URL
            api-key > API_KEY
      
      - name: Deploy
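        run: |
          # Fail early if a secret is missing; do not echo secret values into the job log
          : "${DATABASE_URL:?DATABASE_URL is not set}"
          : "${API_KEY:?API_KEY is not set}"
          echo "DATABASE_URL and API_KEY are available"
          # Your deployment commands here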

Latest release: v1 (2025-02-27 14:18:00 +00:00)