# README
CI-Secret-Generator
This tool aims to automate the process of deployment of secrets to Bitwarden while also providing a platform to document the commands used to generate these secrets.
Args and config.yaml
The tool expects a configuration like the one below which specifies the mapping between the itemName+attributeName/attachmentName/fieldName and the command used to generate the secret.
The output of the command is stored into Bitwarden as the contents of the field/attachment/password.
password is the only valid name which is accepted for an attribute
- item_name: first_item
fields:
- name: field1
cmd: echo -n secret
attribute:
name: password
cmd: echo -n new_password
- item_name: second_item
fields:
name: field2
cmd: echo -n field2_contents
The above configuration tells the tool to use the following data to create two Bitwarden entries - 'first_item' and 'second_item'
-
field1offirst_itemwould besecret, and thepasswordoffirst_itemwould benew_passwordin Bitwarden with item-namefirst_item, -
field2ofsecond_item, would befield2_contentsin Bitwarden with item-namesecond_item
Parameters can be passed in to decrease repetition in the configuration file by adding the params dictionary in the configuration file. E.g.:
- item_name: item$(cluster)$(env)
fields:
- name: field1
cmd: echo "$(cluster) $(env)"
params:
cluster:
- build01
- build02
env:
- prod
- staging
This would create four items with item names itembuild01prod, itembuild02prod, itembuild01staging, and itembuild02staging, and the corresponding field1 which would contain the output of the corresponding echo, where the $(paramname) would be replaced with the values of the corresponding paramname.
Run
$ echo -n "bw_password" > /tmp/bw_password
$ ci-secret-generator --bw-password-path=/tmp/bw_password --bw-user [email protected] --config <path_to_config.yaml>