How to use bitwarden_secrets_manager with AWX #9126

Open
1 task done
gsg-git opened this issue Nov 14, 2024 · 6 comments
Labels
docs lookup lookup plugin plugins plugin (any type)

Comments


gsg-git commented Nov 14, 2024

Summary

In every forum, even the Ansible one, nobody can tell me this. Am I correct here or do I have to ask at Red Hat somewhere?
It's not the same using this with AWX 1:1 like here

Issue Type

Documentation Report

Component Name

community.general.bitwarden

Ansible Version

the most current

Community.general Version

the most current - I created an EE with it and added the bw CLI

Configuration

My example Playbook
```yaml
---
- name: Retrieve Bitwarden password test
  hosts: all
  gather_facts: false
  vars:
    bitwarden_record_name: "nagivis"
  tasks:
    - name: Configure BW CLI
      ansible.builtin.command:
        cmd: "bw config server https://bw.gruen.net/"
      #ignore_errors: yes
      #no_log: true
      delegate_to: localhost

    - name: Login to Bitwarden Vault
      # The master password is part of the command line here and, with no_log
      # commented out, also appears in the job output.
      ansible.builtin.command:
        cmd: "bw login {{ bw_usr }} {{ bw_pw }}"
      #no_log: true
      delegate_to: localhost
      ignore_errors: yes

    - name: Unlock Bitwarden vault
      ansible.builtin.command:
        cmd: /usr/local/bin/bw unlock {{ bw_pw }}
      register: bw_unlock
      ignore_errors: no
      delegate_to: localhost

    - name: Extract BW_SESSION from Bitwarden output
      ansible.builtin.set_fact:
        # Inner double quotes and the backreference are escaped so the line is valid YAML.
        bw_session: "{{ (bw_unlock.stdout | regex_search('BW_SESSION=\"([^\"]+)', '\\1')) | first }}"

    - name: Display the BW_SESSION variable
      # Prints the session key into the job output.
      ansible.builtin.debug:
        msg: "Extracted BW_SESSION: {{ bw_session }}"

    - name: "Get 'password' from all Bitwarden records named '{{ bitwarden_record_name }}'"
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.bitwarden', bitwarden_record_name, field='password', bw_session=bw_session) }}"
```

EE

```yaml
version: 3 # Specifies the configuration version.

images:
  base_image:
    name: quay.io/centos/centos:stream9 # Defines the base image, using CentOS Stream 9 from Quay.io.

dependencies:
  ansible_core:
    package_pip: ansible-core # Installs the core Ansible package via pip.
  ansible_runner:
    package_pip: ansible-runner # Installs Ansible Runner via pip for running Ansible playbooks.
  python_interpreter:
    package_system: "python3" # Installs Python 3 as the system Python interpreter.
    python_path: "/usr/bin/python3" # Specifies the path for the Python interpreter.
  galaxy: requirements.yml # Ansible Galaxy dependencies specified in requirements.yml.
  python: requirements.txt # Additional Python dependencies listed in requirements.txt.

additional_build_steps:
  prepend_base:
    - RUN yum -y install epel-release libicu rsync # Installs extra packages needed for the environment.
    - RUN yum -y remove vim-minimal # Removes minimal Vim package to avoid conflicts or to save space.
    - RUN yum -y update && yum -y upgrade && yum clean all && rm -rf /var/cache/yum # Updates system packages and cleans up cache.
    - RUN yum -y install python3-pip sshpass # Installs pip for Python 3 and sshpass for SSH automation.
    - RUN /usr/bin/python3 -m pip install --upgrade pip --no-cache-dir # Upgrades pip without caching to save space.

  append_base:
    - RUN yum -y install openssh-clients wget tar gzip git unzip # Installs tools for SSH, file downloads, and compression.
    - RUN yum -y remove python3-cryptography # Removes an older version of cryptography to avoid version conflicts.
    - RUN wget -O /tmp/bw_cli.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip
    - RUN unzip /tmp/bw_cli.zip -d /usr/local/bin/
    - RUN chmod +x /usr/local/bin/bw

  append_final:
    - RUN rm -rf /root/.cache/pip/* # Removes cached pip files to free up space.
    - RUN pip list installed # Lists all installed pip packages.
    - RUN yum list installed # Lists all installed yum packages.
    - RUN ansible --version # Displays Ansible version to verify installation.
    - RUN ansible-galaxy collection list # Lists all installed Ansible Galaxy collections.
```
The req.yml

```yaml
---
collections:
  - name: community.general
  - name: bitwarden.secrets
```

The req.txt

```
ansible
```

I add a lvl 5 log
job_8790.txt

OS / Environment

ee is centos9

Additional Information

I'm quite desperate because this project consumed such a massive amount of time, and even in the Ansible forum, where I usually get really good help, people are quite clueless

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
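
A hardened variant of the playbook in this issue, added here as an example and not part of the original post or the collection's documentation: the master password reaches `bw` through an environment variable instead of the command line, `bw unlock --raw` returns only the session key so no regex is needed, and `no_log` keeps both out of the AWX job output. It assumes `bw_usr` and `bw_pw` are supplied as in the original playbook and that the CLI in the EE supports `bw status`, `--passwordenv` and `--raw`; `bw_bin` and `record_password` are illustrative names.

```yaml
---
- name: Retrieve Bitwarden password (hardened variant)
  hosts: all
  gather_facts: false
  vars:
    bitwarden_record_name: "nagivis"
    bw_bin: /usr/local/bin/bw  # illustrative variable; path taken from the issue's EE
  tasks:
    - name: Authenticate on the controller without exposing secrets
      delegate_to: localhost
      run_once: true
      no_log: true  # keeps bw_pw and the session key out of job output
      environment:
        BW_PASSWORD: "{{ bw_pw }}"  # read by --passwordenv, never placed in argv
      block:
        - name: Read the CLI state (unauthenticated, locked or unlocked)
          ansible.builtin.command:
            argv: ["{{ bw_bin }}", "status"]
          register: bw_status
          changed_when: false

        - name: Point the CLI at the self-hosted server
          ansible.builtin.command:
            argv: ["{{ bw_bin }}", "config", "server", "https://bw.gruen.net/"]
          when: (bw_status.stdout | from_json).status == 'unauthenticated'

        - name: Log in only when not yet authenticated
          ansible.builtin.command:
            argv: ["{{ bw_bin }}", "login", "{{ bw_usr }}", "--passwordenv", "BW_PASSWORD"]
          when: (bw_status.stdout | from_json).status == 'unauthenticated'

        - name: Unlock and return only the session key
          ansible.builtin.command:
            argv: ["{{ bw_bin }}", "unlock", "--passwordenv", "BW_PASSWORD", "--raw"]
          register: bw_unlock
          changed_when: false

    - name: Look up the password with that session, without printing it
      ansible.builtin.set_fact:
        record_password: "{{ lookup('community.general.bitwarden', bitwarden_record_name, field='password', bw_session=bw_unlock.stdout) | first }}"
      no_log: true

    - name: Confirm a value came back without revealing it
      ansible.builtin.assert:
        that: record_password | length > 0
        quiet: true
```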
@ansibullbot
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


@ansibullbot ansibullbot added docs lookup lookup plugin plugins plugin (any type) labels Nov 14, 2024
@ansibullbot
Collaborator

cc @lungj

@jantari
Contributor

jantari commented Nov 15, 2024

Hey, please note that the password manager "Bitwarden" is a different product from "Bitwarden Secrets Manager".

From what I understand this question concerns the regular Bitwarden, not Bitwarden Secrets Manager or the associated lookup plugin

@gsg-git
Author

gsg-git commented Nov 22, 2024

@jantari
No, it's not the Secrets Manager related function; I know I need to buy this for Bitwarden additionally. But what I want to do is use this, but with AWX:
https://github.com/ansible-collections/community.general/blob/main/plugins/lookup/bitwarden.py
And as far as I understood, I don't need the secrets from a secrets manager for this.
But when using something like this
https://galaxy.ansible.com/ui/repo/published/bitwarden/secrets/
or
https://github.com/ansible-collections/community.general/blob/main/plugins/lookup/bitwarden_secrets_manager.py

I have a paid version of Bitwarden, but the support is only one level full of people who have just enough expertise to copy-paste their KB entries without even testing what they sent themselves...

I like to stay with AWX because I need the workflow possibilities: in the end, for this project a user has to choose the different variables with a GUI that is as simple as possible, and then the workflow has to be approved by an admin, so it would be quite hard to use just Ansible.

3 participants