community.general.bitwarden lookup – Retrieve secrets from Bitwarden

Note

This lookup plugin is part of the community.general collection (version 9.3.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.bitwarden.

New in community.general 5.4.0

Synopsis

  • Retrieve secrets from Bitwarden.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • bw (command line utility)

  • Be logged into Bitwarden

  • Bitwarden vault unlocked

  • BW_SESSION environment variable set

Terms

| Parameter | Comments |
|---|---|
| Terms (list / elements=string / required) | Key(s) to fetch values for from login info. |

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.bitwarden', key1=value1, key2=value2, ...) and query('community.general.bitwarden', key1=value1, key2=value2, ...)

| Parameter | Comments |
|---|---|
| bw_session (string; added in community.general 8.4.0) | Pass session key instead of reading from env. |
| collection_id (string; added in community.general 6.3.0) | Collection ID to filter results by collection. Leave unset to skip filtering. |
| field (string) | Field to fetch. Leave unset to fetch whole response. |
| organization_id (string; added in community.general 8.5.0) | Organization ID to filter results by organization. Leave unset to skip filtering. |
| search (string; added in community.general 5.7.0) | Field to retrieve, for example name or id. If set to id, only zero or one element can be returned. Use the Jinja first filter to get the only list element. If set to None or '', or if _terms is empty, records are not filtered by fields. Default: "name" |

Notes

Note

  • When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters: lookup('community.general.bitwarden', term1, term2, key1=value1, key2=value2) and query('community.general.bitwarden', term1, term2, key1=value1, key2=value2)

Examples

- name: "Get 'password' from all Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password') }}

- name: "Get 'password' from Bitwarden record with ID 'bafba515-af11-47e6-abe3-af1200cd18b2'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') | first }}

- name: "Get 'password' from all Bitwarden records named 'a_test' from collection"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password', collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}

- name: "Get list of all full Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test') }}

- name: "Get custom field 'api_key' from all Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}

- name: "Get 'password' from all Bitwarden records named 'a_test', using given session key"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }}

- name: "Get all Bitwarden records from collection"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', None, collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}

Return Value

| Key | Description |
|---|---|
| Return value (list / elements=list) | A one-element list that contains a list of requested fields or JSON objects of matches. If you use query, you get a list of lists. If you use lookup without wantlist=true, this always gets reduced to a list of field values or JSON objects. Returned: success |
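
The following play is an added example, not part of the collection's documentation. It uses the list-of-lists shape that query returns, requires exactly one matching record before the secret is used, and keeps the value out of task output with no_log. The record name db_app, the fact name db_matches and the destination path /tmp/db_app.conf are assumptions.

```yaml
# Added example. 'db_app', 'db_matches' and '/tmp/db_app.conf' are assumed names.
# The session key is read from the BW_SESSION environment variable on the
# controller (see Requirements), so no key appears in the playbook itself.
- name: Use a Bitwarden secret without printing it
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Fetch 'password' from every record named 'db_app'
      ansible.builtin.set_fact:
        # query() returns a list of lists: one inner list per term.
        # 'first' selects the inner list of matches for the single term.
        db_matches: >-
          {{ query('community.general.bitwarden', 'db_app', field='password') | first }}
      no_log: true   # keeps the fetched values out of logs and callback output

    - name: Stop unless exactly one record matched
      ansible.builtin.assert:
        that:
          - db_matches | length == 1
        fail_msg: "Expected exactly one Bitwarden record named 'db_app'"
        quiet: true
      # The assertion output shows only the expression and its boolean
      # result, not the secret, so no_log is not needed here.

    - name: Write the application config with the secret
      ansible.builtin.copy:
        dest: /tmp/db_app.conf
        mode: "0600"
        content: "password={{ db_matches | first }}\n"
      no_log: true   # also suppresses the content in --diff output
```

Searching by name can match zero or several records, which is why the assert runs before the value is used; with search='id' the inner list holds at most one element.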

Authors

  • Jonathan Lung (@lungj)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.