actions/warden
4
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
d25b5badd5bf020a97f958ee66973520c69244d2
warden/README.md
Jamie Schouten d25b5badd5 Add readme
2025-08-05 15:25:47 +02:00

95 lines
3.2 KiB
Markdown
Raw Blame History

# Auth Warden
A Gitea Action for authenticating with Bitwarden and retrieving dynamic secrets for use in CI/CD workflows.
## Overview
Auth Warden provides a secure way to authenticate with a Bitwarden server and dynamically retrieve secrets stored as secure notes, making them available as environment variables in your Gitea Actions workflow.
## Usage
```yaml
- name: Retrieve secrets from Bitwarden
uses: ./path/to/auth-warden
with:
password: ${{ secrets.BITWARDEN_PASSWORD }}
server: https://your-bitwarden-server.com
client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
secrets: |
secret-id-1 > DATABASE_URL
secret-id-2 > API_KEY
secret-id-3 > WEBHOOK_SECRET
```
## Inputs
| Input | Description | Required | Default |
|-----------------|---------------------------------------------------------|----------|--------------------------|
| `password` | Bitwarden account password | Yes | - |
| `server` | Bitwarden server URL | No | `${{ vars.WARDEN_URL }}` |
| `client-id` | Bitwarden API client ID | Yes | - |
| `client-secret` | Bitwarden API client secret | Yes | - |
| `secrets` | List of secret mappings (format: `SECRET_ID > ENV_VAR`) | Yes | - |
## Secret Mapping Format
The `secrets` input expects a multiline string where each line contains a mapping in the format:
```
SECRET_ID > ENVIRONMENT_VARIABLE_NAME
```
- `SECRET_ID`: The ID of the secure note in Bitwarden
- `ENVIRONMENT_VARIABLE_NAME`: The name of the environment variable to create
Example:
```yaml
secrets: |
db-connection-string > DATABASE_URL
stripe-api-key > STRIPE_API_KEY
jwt-secret > JWT_SECRET
```
## Prerequisites
- Bitwarden CLI must be available in the runner environment
- Valid Bitwarden account with API access configured
- Secrets must be stored as secure notes in Bitwarden
## Security Considerations
- Store all sensitive inputs (email, password, client-id, client-secret) as Gitea repository secrets
- Use organization or repository variables for the server URL if it's not sensitive
- The action automatically handles session management and cleanup
- Retrieved secrets are securely added to the Gitea Actions environment
## Example Workflow
```yaml
name: Deploy Application
on: [push]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Retrieve secrets
uses: https://git.qlic.nl/actions/warden@v1
with:
password: ${{ secrets.BITWARDEN_PASSWORD }}
client-id: ${{ secrets.BITWARDEN_CLIENT_ID }}
client-secret: ${{ secrets.BITWARDEN_CLIENT_SECRET }}
secrets: |
database-url > DATABASE_URL
api-key > API_KEY
- name: Deploy
run: |
echo "Database URL is available as: $DATABASE_URL"
echo "API Key is available as: $API_KEY"
# Your deployment commands here
```
Reference in New Issue View Git Blame Copy Permalink