Bitwarden Secrets Manager Setup¶
Set up Bitwarden Secrets Manager as the secrets provider for ComposeFlux.
See Bitwarden Secrets Manager Overview for product details.
Steps¶
1. Create a Project¶
- Sign in to Bitwarden.
- Open Secrets Manager.
- Click New Project.
- Create a project for ComposeFlux secrets.
2. Add Secrets¶
Add secrets to the project.
- If you want ComposeFlux to fetch your Git SSH deploy key from Bitwarden at startup, create a secret that stores the private key, then copy that secret's ID for
GIT_DEPLOY_KEY_SECRET_REF. See Deploy Key Secret Reference.
- Add any stack secrets you want exposed as environment variables (for example,
DATABASE_URL,API_KEY).
3. Create a Machine Account¶
- Go to the Machine Accounts tab.
- Click New Machine Account.
- Assign the project you created.
- Set permission to Can read.
- Click Save.
4. Generate an Access Token¶
- Open the machine account.
- Go to the Access tokens tab.
- Click Create access token.
- Copy and store the token.
5. Configuration Checklist¶
Make sure you have the following values for ComposeFlux:
- Organization ID
- Project ID
- API URL (default:
https://vault.bitwarden.com/api) - Identity URL (default:
https://vault.bitwarden.com/identity)
Environment Variables¶
Add to your .env or compose file:
SECRETS_PROVIDER=bitwarden
BITWARDEN_ACCESS_TOKEN=<your-access-token>
BITWARDEN_ORGANIZATION_ID=<your-org-id>
BITWARDEN_PROJECT_ID=<your-project-id>
# Optional: only if fetching SSH deploy key from Bitwarden
GIT_DEPLOY_KEY_SECRET_REF=<bitwarden-secret-id>
# Optional: only for self-hosted Bitwarden
# BITWARDEN_API_URL=https://vault.bitwarden.com/api
# BITWARDEN_IDENTITY_URL=https://vault.bitwarden.com/identity
Usage in Compose Stacks¶
ComposeFlux fetches secrets from the configured Bitwarden project and exposes them as environment variables using each secret key name.
services:
app:
image: myapp:latest
environment:
DATABASE_URL: ${DATABASE_URL}
API_KEY: ${API_KEY}