community.general.bitwarden lookup – Retrieve secrets from Bitwarden

Note

This lookup plugin is part of the community.general collection (version 6.6.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.bitwarden.

New in community.general 5.4.0

Synopsis

  • Retrieve secrets from Bitwarden.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • bw (command line utility)

  • be logged into bitwarden

  • bitwarden vault unlocked

  • BW_SESSION environment variable set

Terms

Parameter

Comments

Terms

list / elements=string / required

Key(s) to fetch values for from login info.

Parameters

Parameter

Comments

collection_id

string

added in community.general 6.3.0

Collection ID to filter results by collection. Leave unset to skip filtering.

field

string

Field to fetch. Leave unset to fetch whole response.

string

added in community.general 5.7.0

Field to retrieve, for example name or id.

Default: "name"

Examples

- name: "Get 'password' from Bitwarden record named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password') }}

- name: "Get 'password' from Bitwarden record with id 'bafba515-af11-47e6-abe3-af1200cd18b2'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') }}

- name: "Get 'password' from Bitwarden record named 'a_test' from collection"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password', collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}

- name: "Get full Bitwarden record named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test') }}

- name: "Get custom field 'api_key' from Bitwarden record named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}

Return Value

Key

Description

Return value

list / elements=any

List of requested field or JSON object of list of matches.

Returned: success

Authors

  • Jonathan Lung (@lungj)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.