Secrets Manager Kubernetes Operator
warning
The Bitwarden Secrets Manager Helm integration is currently in Beta status. Some features may not provide full functionality at this time.
The Bitwarden Secrets Manager Kubernetes Operator will allow teams to integrate Secrets Manager into Kubernetes workflows securely and efficiently. Using the operator, which is deployed using the Helm package manager, secrets can be stored and retrieved from Secrets Manager.
Bitwarden Secrets Manager Kubernetes Operator
The sm-operator uses a controller to synchronize Bitwarden secrets into Kubernetes secrets. The operator registers the Custom Resource Definition: BitwardenSecret into the Kubernetes cluster. The cluster will listen for the newly registered BitwardenSecret, and synchronize on a configurable interval.
To get started, an active Bitwarden organization with Secrets Manager is required. Additionally, one or more access tokens associated with a machine account are required.
Additional dependencies
Add the Bitwarden Secrets Manager chart repository:
helm repo add bitwarden https://charts.bitwarden.com/
Update information of locally available charts:
helm repo update
Create a configuration file
Create a custom values file used for deployment:
helm show values bitwarden/sm-operator --devel > my-values.yaml
Update configuration file
Locate my-values.yaml and fill out required values. An example can be located in the Bitwarden repository. We recommend that the following values be adjusted for your setup:
| Value | Description |
|---|---|
| | How often the secrets synchronize (in seconds). Minimum value is 180. |
| | Self-hosted users set to |
| | For self-hosted users only. This is the URL for your instance API. |
| | For self-hosted users only. This is the URL for your instance's identity service. |
| | Set to This setting is recommended for most common cases that do not require escalating privileges to make containers restrictive. See Kubernetes documentation for more information. |
note
To use a different operator image version than the one included with the chart, update: containers.manager.image.tag.
Once your values.yaml file has been configured, upgrade the release to a new chart by running:
helm upgrade sm-operator bitwarden/sm-operator -i --debug -n sm-operator-system --create-namespace --values my-values.yaml --devel
This command installs or upgrades a release with the name sm-operator, in the namespace sm-operator-system, with the values from my-values.yaml.
note
To see information for the helm install or helm upgrade commands, run helm install --help or helm upgrade --help.
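A pre-flight check for my-values.yaml that can run before the helm upgrade step above; this is an added example, not part of the Bitwarden documentation or chart. It enforces the 180-second minimum stated in the table, plus three hygiene checks chosen for this example (both self-hosted URL overrides set, https only, image tag not "latest"). The key names other than containers.manager.image.tag are assumptions, since the table above does not list them; confirm them against the output of helm show values.

```shell
# Pre-flight check for my-values.yaml, run before `helm upgrade` (added example).
# ASSUMED key names, not listed on this page; confirm with `helm show values`.
REFRESH_KEY=settings.bwSecretsManagerRefreshInterval
API_KEY=settings.bwApiUrlOverride
IDENTITY_KEY=settings.bwIdentityUrlOverride
TAG_KEY=containers.manager.image.tag   # named on this page

# flatten_values FILE: print "a.b.c=value" for each scalar in a simply nested
# YAML mapping (space-indented keys; no lists, anchors or multi-line scalars).
flatten_values() {
  awk '
    /^[ \t]*(#|$)/ { next }
    {
      depth = 0; while (substr($0, depth + 1, 1) == " ") depth++
      line = substr($0, depth + 1); sub(/[ \t]+#.*$/, "", line)
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      sub(/^[ \t]*"?/, "", val); sub(/"?[ \t]*$/, "", val)
      while (n > 0 && ind[n] >= depth) n--
      n++; ind[n] = depth; name[n] = key
      if (val == "") next
      path = name[1]; for (j = 2; j <= n; j++) path = path "." name[j]
      print path "=" val
    }' "$1"
}
# value_of KEY: look up KEY in the flattened values held in $flat.
value_of() {
  printf '%s\n' "$flat" |
    awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}
# check_values FILE: print one finding per line; return 1 if any check fails.
check_values() {
  flat=$(flatten_values "$1") || return 2
  rc=0
  interval=$(value_of "$REFRESH_KEY")
  case $interval in
    ''|*[!0-9]*) echo "$REFRESH_KEY: missing or not an integer"; rc=1 ;;
    *) [ "$interval" -ge 180 ] || { echo "$REFRESH_KEY: $interval is below the 180 second minimum"; rc=1; } ;;
  esac
  api=$(value_of "$API_KEY"); identity=$(value_of "$IDENTITY_KEY")
  if [ -n "$api$identity" ]; then
    { [ -n "$api" ] && [ -n "$identity" ]; } || { echo "self-hosted: set both URL overrides"; rc=1; }
    for u in $api $identity; do
      case $u in https://*) ;; *) echo "self-hosted: $u is not an https URL"; rc=1 ;; esac
    done
  fi
  [ "$(value_of "$TAG_KEY")" != latest ] || { echo "$TAG_KEY: pin a version, not latest"; rc=1; }
  return $rc
}
```

Source the file and run `check_values my-values.yaml`; a non-zero exit status means at least one finding was printed and the upgrade should wait until it is resolved.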