Binaya Sharma

Posted on • Originally published at Medium

Managing Secrets in Terraform with BitWarden

Bitwarden has a Secrets Manager that has been specifically designed for storing secrets that can be used for machine-to-machine interaction.

In this demo, we will be integrating Terraform with Bitwarden. For this there are some pre-requisites:

  • bws command line utility
  • BitWarden Account

The bws command line utility can be installed using the bash script. We also need a Bitwarden account with the Secrets Manager activated, and a machine account, which will be used to authenticate with Bitwarden.


Keep in mind that tokens are not saved, so you will need to save the token somewhere yourself. Now we will configure the providers:

providers.tf

terraform {
  required_providers {
    bitwarden-secrets = {
      source  = "sebastiaan-dev/bitwarden-secrets"
      version = "0.1.2"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.6.3"
    }
  }
}

provider "random" {}

provider "bitwarden-secrets" {
  access_token = "#Acces_Token_From_the_Machine_Accounts"
}

In addition to bitwarden-secrets, I have also included random, as we will be creating a strong random password and storing it in Bitwarden.
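The provider block in providers.tf above holds the machine account token as a literal string, so the token would be committed along with the file. As an added example (not from the original post), the same provider block can read the token from a sensitive input variable instead; the variable name bws_access_token is an assumption chosen for illustration.

```hcl
# Added example, not part of the original post.
# Replaces the provider "bitwarden-secrets" block in providers.tf.

# Before (token is a literal in a file that gets committed):
#
#   provider "bitwarden-secrets" {
#     access_token = "#Acces_Token_From_the_Machine_Accounts"
#   }

# After: the token is an input variable with no default, so nothing
# secret lives in the repository. "bws_access_token" is a hypothetical
# name; any variable name works.
variable "bws_access_token" {
  description = "Access token of the Bitwarden Secrets Manager machine account"
  type        = string
  sensitive   = true  # value is redacted in plan and apply output
  nullable    = false # an explicit null is rejected

  # Fail early with a clear message if the variable is set but empty.
  validation {
    condition     = length(trimspace(var.bws_access_token)) > 0
    error_message = "bws_access_token is empty; export TF_VAR_bws_access_token before running Terraform."
  }
}

provider "bitwarden-secrets" {
  access_token = var.bws_access_token
}

# Supplying the value (run in the shell, not in a committed file):
#
#   export TF_VAR_bws_access_token="<token from the machine account>"
#   terraform plan
#
# Terraform maps TF_VAR_<name> environment variables to input variables.
# Avoid putting the token in a terraform.tfvars file that is tracked by
# version control, which would reintroduce the original problem.
```

Marking a variable as sensitive only hides it in CLI output. Values generated by the random provider, such as the password created in the next step, are still written to the Terraform state in plain text, so the state backend needs access control and encryption at rest.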

Now we can go ahead and create a project and a secret within it.

# Create a project managed by Terraform
resource "bitwarden-secrets_project" "project" {
  name = "MyAwesomeProject"
}

# Create Random Password 
resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

# Create a secret in project managed by Terraform
resource "bitwarden-secrets_secret" "password" {
  key        = "password"
  value      = random_password.password.result
  project_id = bitwarden-secrets_project.project.id
} 

This way we can leverage the awesome Bitwarden to store secrets and share them with the team.
