Expand description
Bitwarden Secrets Manager backend for secretx.
§Integration test status
Unit tests (URI parsing, error mapping) pass without credentials.
Live integration tests require a Bitwarden Secrets Manager account
(available on Teams/Enterprise plans) and a machine account access token.
Set SECRETX_BWS_TEST=1 and BWS_ACCESS_TOKEN to enable them.
Not yet integration-tested.
URI: secretx:bitwarden:<project-name>/<secret-name>
Authentication is via the BWS_ACCESS_TOKEN environment variable, which
must hold a Bitwarden Secrets Manager machine account access token.
use secretx_bitwarden::BitwardenBackend;
use secretx_core::SecretStore;
// BWS_ACCESS_TOKEN must be set in the environment.
let store = BitwardenBackend::from_uri("secretx:bitwarden:my-project/my-secret")?;
let value = store.get().await?;§Zeroization
BWS_ACCESS_TOKEN is stored as Zeroizing<String> and zeroed when this backend is dropped.
However, the Bitwarden SDK’s SecretResponse::value field is a plain String; the secret
value returned by the SDK is not zeroed when the SDK response object is dropped. This is an
SDK limitation. The SecretValue returned to the caller is zeroed on drop as usual.
Structs§
- Bitwarden
Backend - Backend that reads secrets from Bitwarden Secrets Manager.