Bitwarden provides a way to inject secrets into your GitLab CI/CD pipelines using the Bitwarden Secrets Manager CLI. This allows you to securely store and use secrets in your CI/CD workflows. To get started:
In GitLab, navigate to your project's Settings > CI/CD page.
Select Expand in the Variables section.
Select Add variable.
Check the Mask variable flag.
Name the key BWS_ACCESS_TOKEN. This is the variable that the Secrets Manager CLI looks for to authenticate. Alternatively, if you need to name the key something else, specify --access-token NAME_OF_VAR on the bws secret get line later.
In another tab, open the Secrets Manager web app and create an access token.
Back in GitLab, paste the newly-created access token into the Value field.
Select Add variable to save.
Next, we're going to write a rudimentary GitLab CI/CD workflow. Create a file called .gitlab-ci.yml in the root of your repository with the following contents:
BWS_VER is the version of the Bitwarden Secrets Manager CLI to install. Here, we are automatically getting the latest version. You can pin the version being installed by changing this to a specific version, for example
9a0b500c-cb3a-42b2-aaa2-afdb00a41daa are reference identifiers for secrets stored in Secrets Manager. The service account that your access token belongs to must be able to access these specific secrets.
npm run start is the command that expects the secret values that are retrieved by bws. Replace this with the relevant commands for running your project.
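An added example of such a workflow, not the original file from this page: it shows the secret retrieval step failing closed and keeping values out of the job log. It assumes the job image already provides bws and jq; the image name, the secret IDs and the DB_PASSWORD and API_KEY variable names are placeholders.

```yaml
# Added example, not Bitwarden's published workflow.
# Assumption: the job image (placeholder name below) already contains bws and jq.
stages:
  - default_runner

build:
  stage: default_runner
  image: registry.example.com/ci/node-bws:latest   # placeholder image
  script:
    - |
      # Stop the job on the first failure. Do not enable `set -x`: it would
      # echo the retrieved values into the job log.
      set -eu

      # bws authenticates with BWS_ACCESS_TOKEN, the masked CI/CD variable.
      # If the variable has another name, pass its value on this line with
      # --access-token, as described in the steps above.
      # `bws secret get` prints the secret as JSON; jq -e exits non-zero when
      # .value is missing, null or when bws produced no output at all.
      fetch() { bws secret get "$1" | jq -er '.value'; }

      # <SECRET_ID_1> and <SECRET_ID_2> are placeholders for the reference
      # identifiers of secrets the service account can read.
      # Plain assignments (not `export VAR=$(...)`) so a failed lookup
      # aborts the job under `set -e`.
      DB_PASSWORD="$(fetch "<SECRET_ID_1>")"
      API_KEY="$(fetch "<SECRET_ID_2>")"
      export DB_PASSWORD API_KEY

      # GitLab masks only variables defined in the CI/CD settings. Values
      # fetched at runtime are not masked, so never print them.
      npm run start
```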