W3cubDocs

/Ansible

community.general.bitwarden_secrets_manager lookup – Retrieve secrets from Bitwarden Secrets Manager

Note

This lookup plugin is part of the community.general collection (version 10.7.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.bitwarden_secrets_manager.

New in community.general 7.2.0

Synopsis
Requirements
Terms
Keyword parameters
Notes
Examples
Return Value

Synopsis

Retrieve secrets from Bitwarden Secrets Manager.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

bws (command line utility)

Terms

Parameter	Comments
Terms list / elements=string / required	Secret ID(s) to fetch values for.

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.bitwarden_secrets_manager', key1=value1, key2=value2, ...) and query('community.general.bitwarden_secrets_manager', key1=value1, key2=value2, ...)

Parameter	Comments
bws_access_token string / required	The BWS access token to use for this lookup. Configuration: Environment variable: `BWS_ACCESS_TOKEN`

Notes

Note

When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters: lookup('community.general.bitwarden_secrets_manager', term1, term2, key1=value1, key2=value2) and query('community.general.bitwarden_secrets_manager', term1, term2, key1=value1, key2=value2)

Examples

- name: Get a secret relying on the BWS_ACCESS_TOKEN environment variable for authentication
  ansible.builtin.debug:
    msg: >-
      {{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972") }}

- name: Get a secret passing an explicit access token for authentication
  ansible.builtin.debug:
    msg: >-
      {{
        lookup(
          "community.general.bitwarden_secrets_manager",
          "2bc23e48-4932-40de-a047-5524b7ddc972",
          bws_access_token="9.4f570d14-4b54-42f5-bc07-60f4450b1db5.YmluYXJ5LXNvbWV0aGluZy0xMjMK:d2h5IGhlbGxvIHRoZXJlCg=="
        )
      }}

- name: Get two different secrets each using a different access token for authentication
  ansible.builtin.debug:
    msg:
      - '{{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972", bws_access_token=token1) }}'
      - '{{ lookup("community.general.bitwarden_secrets_manager", "9d89af4c-eb5d-41f5-bb0f-4ae81215c768", bws_access_token=token2) }}'
  vars:
    token1: "9.4f570d14-4b54-42f5-bc07-60f4450b1db5.YmluYXJ5LXNvbWV0aGluZy0xMjMK:d2h5IGhlbGxvIHRoZXJlCg=="
    token2: "1.69b72797-6ea9-4687-a11e-848e41a30ae6.YW5zaWJsZSBpcyBncmVhdD8K:YW5zaWJsZSBpcyBncmVhdAo="

- name: Get just the value of a secret
  ansible.builtin.debug:
    msg: >-
      {{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972").value }}

Return Value

Key	Description
Return value list / elements=dictionary	List containing one or more secrets. Returned: success

Authors

jantari (@jantari)

Collection links

© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/bitwarden_secrets_manager_lookup.html