How to use bitwarden_secrets_manager with AWX

[gsg-git]

Summary

In every forum - even the ansible one nobody can tell me this - am i correct here or do i have toask at redhat somewhere?
Its not the same usingg this with AWX 1:1 like here

Issue Type

Documentation Report

Component Name

community.general.bitwarden

Ansible Version

the mosst current

Community.general Version

the nost current - i created an ee with it and added the bw cli

Configuration

My example Playbook
`---

• name: Retrieve Bitwarden password test
  hosts: all
  gather_facts: false
  vars:
  bitwarden_record_name: "nagivis"
  tasks:

  • name: Configure BW CLI
    ansible.builtin.command:
    cmd: "bw config server https://bw.gruen.net/"
    #ignore_errors: yes
    #no_log: true
    delegate_to: localhost

  • name: Login to Bitwarden Vault
    ansible.builtin.command:
    cmd: "bw login {{ bw_usr }} {{ bw_pw }}"
    #no_log: true
    delegate_to: localhost
    ignore_errors: yes

  • name: Unlock Bitwarden vault
    ansible.builtin.command:
    cmd: /usr/local/bin/bw unlock {{ bw_pw }}
    register: bw_unlock
    ignore_errors: no
    delegate_to: localhost

  • name: Extract BW_SESSION from Bitwarden output
    ansible.builtin.set_fact:
    bw_session: "{{ (bw_unlock.stdout | regex_search('BW_SESSION="([^\"]+)', '\1')) | first }}"

  • name: Display the BW_SESSION variable
    ansible.builtin.debug:
    msg: "Extracted BW_SESSION: {{ bw_session }}"

  • name: "Get 'password' from all Bitwarden records named '{{ bitwarden_record_name }}'"
    ansible.builtin.debug:
    msg: "{{ lookup('community.general.bitwarden', bitwarden_record_name, field='password', bw_session=bw_session) }}"
    `
    EE
    '

---

version: 3 # Specifies the configuration version.

images:
base_image:
name: quay.io/centos/centos:stream9 # Defines the base image, using CentOS Stream 9 from Quay.io.

dependencies:
ansible_core:
package_pip: ansible-core # Installs the core Ansible package via pip.
ansible_runner:
package_pip: ansible-runner # Installs Ansible Runner via pip for running Ansible playbooks.
python_interpreter:
package_system: "python3" # Installs Python 3 as the system Python interpreter.
python_path: "/usr/bin/python3" # Specifies the path for the Python interpreter.
galaxy: requirements.yml # Ansible Galaxy dependencies specified in requirements.yml.
python: requirements.txt # Additional Python dependencies listed in requirements.txt.

additional_build_steps:
prepend_base:
- RUN yum -y install epel-release libicu rsync # Installs extra packages needed for the environment.
- RUN yum -y remove vim-minimal # Removes minimal Vim package to avoid conflicts or to save space.
- RUN yum -y update && yum -y upgrade && yum clean all && rm -rf /var/cache/yum # Updates system packages and cleans up cache.
- RUN yum -y install python3-pip sshpass # Installs pip for Python 3 and sshpass for SSH automation.
- RUN /usr/bin/python3 -m pip install --upgrade pip --no-cache-dir # Upgrades pip without caching to save space.

append_base:
- RUN yum -y install openssh-clients wget tar gzip git unzip # Installs tools for SSH, file downloads, and compression.
- RUN yum -y remove python3-cryptography # Removes an older version of cryptography to avoid version conflicts.
- RUN wget -O /tmp/bw_cli.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip
- RUN unzip /tmp/bw_cli.zip -d /usr/local/bin/
- RUN chmod +x /usr/local/bin/bw

append_final:
- RUN rm -rf /root/.cache/pip/* # Removes cached pip files to free up space.
- RUN pip list installed # Lists all installed pip packages.
- RUN yum list installed # Lists all installed yum packages.
- RUN ansible --version # Displays Ansible version to verify installation.
- RUN ansible-galaxy collection list # Lists all installed Ansible Galaxy collections.---
version: 3 # Specifies the configuration version.

images:
base_image:
name: quay.io/centos/centos:stream9 # Defines the base image, using CentOS Stream 9 from Quay.io.

dependencies:
ansible_core:
package_pip: ansible-core # Installs the core Ansible package via pip.
ansible_runner:
package_pip: ansible-runner # Installs Ansible Runner via pip for running Ansible playbooks.
python_interpreter:
package_system: "python3" # Installs Python 3 as the system Python interpreter.
python_path: "/usr/bin/python3" # Specifies the path for the Python interpreter.
galaxy: requirements.yml # Ansible Galaxy dependencies specified in requirements.yml.
python: requirements.txt # Additional Python dependencies listed in requirements.txt.

additional_build_steps:
prepend_base:
- RUN yum -y install epel-release libicu rsync # Installs extra packages needed for the environment.
- RUN yum -y remove vim-minimal # Removes minimal Vim package to avoid conflicts or to save space.
- RUN yum -y update && yum -y upgrade && yum clean all && rm -rf /var/cache/yum # Updates system packages and cleans up cache.
- RUN yum -y install python3-pip sshpass # Installs pip for Python 3 and sshpass for SSH automation.
- RUN /usr/bin/python3 -m pip install --upgrade pip --no-cache-dir # Upgrades pip without caching to save space.

append_base:
- RUN yum -y install openssh-clients wget tar gzip git unzip # Installs tools for SSH, file downloads, and compression.
- RUN yum -y remove python3-cryptography # Removes an older version of cryptography to avoid version conflicts.
- RUN wget -O /tmp/bw_cli.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip
- RUN unzip /tmp/bw_cli.zip -d /usr/local/bin/
- RUN chmod +x /usr/local/bin/bw

append_final:
- RUN rm -rf /root/.cache/pip/* # Removes cached pip files to free up space.
- RUN pip list installed # Lists all installed pip packages.
- RUN yum list installed # Lists all installed yum packages.
- RUN ansible --version # Displays Ansible version to verify installation.
- RUN ansible-galaxy collection list # Lists all installed Ansible Galaxy collections.

'
The req.ynl
'---
collections:

• name: community.general
• name: bitwarden.secrets'

The req.tx

'ansible'

i add an l add an lvl 5 log
job_8790.txt

OS / Environment

ee is centos9

Additional Information

Im quite desperause of this ause of this project conumed such an massive amount of time and even in the ansible forum where i usually get really good help are quite clueless

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/lookup/bitwarden_secrets_manager.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @jantari
click here for bot help

[ansibullbot]

Files identified in the description:

• plugins/lookup/bitwarden.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @lungj
click here for bot help

[jantari]

Hey, please note that the password manager "Bitwarden" is a different product from "Bitwarden Secrets Manager".

From what I understand this question concerns the regular Bitwarden, not Bitwarden Secrets Manager or the associated lookup plugin

[gsg-git]

@jantari
No its not the secrets manager related fuction i know i need to buy this for bitwarden additionally, but what i want to do is usind this, but with awx:
https://github.com/ansible-collections/community.general/blob/main/plugins/lookup/bitwarden.py
And as far as i understood i dont need the secrets from a secret manager for this.
But when using something like this
https://galaxy.ansible.com/ui/repo/published/bitwarden/secrets/
or
https://github.com/ansible-collections/community.general/blob/main/plugins/lookup/bitwarden_secrets_manager.py

I have an paid version of bitwarden, but the support is only one level full of people who have just enough expertise to copypaste theyr kb entrys without even testing what they sent themself...

I like to stay with awx, because i need the worflow possibilities, because in the end for this project an user has to choose the diffrent variables with an as simple asa possible gui and then the worklfo has to be approved from an admin so it would be quite hard to use just ansible.

[badnetmask]

@gsg-git - I'm the person who wrote the blog you referred (thanks for that).

I looked at your debug log and it seems like the "bw config" task is running on "localhost", but for whatever reason all the other tasks are running at the "www43" host, hence why they do not work. It also appears like the debug output you attached is not from the same playbook you pasted in the issue report.

Never the less, looking at the playbook in this issue, it seems like you register the output of "bw unlock" on localhost, but the lookup is running on a remote host (no "delegate_to"). On top of that, you're not setting the BW_SESSION env var on the remote host (you're setting it as an Ansible fact, which is not the same thing as a shell env var).

I hope this helps.