How to: BitWarden get password

Hello again!

I have Bitwarden here and would like to get passwords from it, for example an SQL root password, and use it to create a user in SQL. I have the Bitwarden CLI installed on the Bitwarden server and can unlock the vault, and I have a user for the playbooks to unlock the vault. But when I add the bw server in the playbooks, the extracted password is only usable on this host, so how could I get the password from Bitwarden to the other servers?

And there's an official Ansible Galaxy plugin, but until now I never 100% got how to add those in an AWX installation.

Thank you again!

You need to add it to your requirements.yml file in your project.

This can be something like:

collections:
  - name: community.vmware
  - name: bitwarden.secrets
  - name: community.mysql

With this in your requirements, AWX will pick up this file and install the required collection.

Notice also the Python dependencies that are required; these you should add to your Python requirements file.

Furthermore, you can consult the example playbook they have posted in the README file.
https://galaxy.ansible.com/ui/repo/published/bitwarden/secrets/docs/

Okay - I made a test project and already have this requirements.yml

---
collections:
  # Install a collection from Ansible Galaxy.
  - name: bitwarden.secrets
    version: "1.0.1"
    source: https://galaxy.ansible.com

I tried using community.general.bitwarden.
I unlocked the Bitwarden vault on the host and my playbook fails:
PB:

---
- name: Retrieve Bitwarden password test
  hosts: all
  gather_facts: false
  become: true
  tasks:
    - name: Get 'password' from Bitwarden record 'madtest'
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.bitwarden', 'madtest', field='password') }}"

I created a new inventory Bitwarden with just the bitwarden server in it.
Log

Enter passphrase for /runner/artifacts/8319/ssh_key_data: 
Identity added: /runner/artifacts/8319/ssh_key_data (/runner/artifacts/8319/ssh_key_data)
ansible-playbook [core 2.15.12]
  config file = None
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /runner/requirements_collections:/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.9.20 (main, Sep  9 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True
No config file found; using defaults
host_list declined parsing /runner/inventory/hosts as it did not pass its verify_file() method
Parsed /runner/inventory/hosts inventory source with script plugin
Skipping callback 'awx_display', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: bw_envtest.yaml ******************************************************
1 plays in zzz_testplaybooks_and_archive/bwtest/bw_envtest.yaml

PLAY [Retrieve Bitwarden password test] ****************************************

TASK [Get 'password' from Bitwarden record 'madtest'] **************************
task path: /runner/project/zzz_testplaybooks_and_archive/bwtest/bw_envtest.yaml:7
exception during Jinja2 execution: Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/ansible/template/__init__.py", line 879, in _lookup
    ran = instance.run(loop_terms, variables=self._available_variables, **kwargs)
  File "/usr/share/ansible/collections/ansible_collections/community/general/plugins/lookup/bitwarden.py", line 225, in run
    if not _bitwarden.unlocked:
  File "/usr/share/ansible/collections/ansible_collections/community/general/plugins/lookup/bitwarden.py", line 132, in unlocked
    out, err = self._run(['status'], stdin="")
  File "/usr/share/ansible/collections/ansible_collections/community/general/plugins/lookup/bitwarden.py", line 140, in _run
    p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
  File "/usr/lib64/python3.9/subprocess.py", line 951, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/lib64/python3.9/subprocess.py", line 1837, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'bw'
fatal: [www43]: FAILED! => {
    "msg": "An unhandled exception occurred while running the lookup plugin 'community.general.bitwarden'. Error was a <class 'FileNotFoundError'>, original message: [Errno 2] No such file or directory: 'bw'. [Errno 2] No such file or directory: 'bw'"
}

PLAY RECAP *********************************************************************
www43                      : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
  

For me the error doesn't make any sense.

I cannot use the Ansible Galaxy version, because I need a certain add-on for Bitwarden to generate some sort of keys (secret manager).
It didn't seem to me I needed anything for the community version?
I don't think so. I found this guide from the git and I logged in as the service user, unlocked the vault and added the env shown when I unlocked the vault (bw login, bw unlock, export BW_SESSION="mysessionkey=="), and when I use env I see the correct key. Then I executed the playbook I designed after the first example from the git guide.

I get the same error when I use a playbook with a session key:

---
- name: Retrieve Bitwarden password test
  hosts: all
  gather_facts: false
  become: true
  vars:
    bitwarden_record_name: "nagivis"
    bitwarden_session_key: "mykey+1h53+AtQ21bF0CEJB8tB3cYe1dPEA3dVTGMLGsg=="
  tasks:
    - name: "Get 'password' from all Bitwarden records named '{{ bitwarden_record_name }}'"
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.bitwarden', bitwarden_record_name, field='password', bw_session=bitwarden_session_key) }}"

The lookup tries to execute the bw command line tool, which it apparently cannot find. The plugin expects the binary in the regular search path.
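Added example (not from the thread and not the plugin's own code): lookups run in the process that executes ansible-playbook, which for AWX is the execution environment shown by the /runner paths in the log, not the managed host or the Bitwarden server. This preflight, meant to be run inside that environment, resolves `bw` on PATH and reads `bw status` as the traceback shows the lookup doing; the function name `bw_preflight` is hypothetical.

```python
"""Preflight for the community.general.bitwarden lookup (added example)."""
import json
import os
import shutil
import subprocess


def bw_preflight(search_path=None, env=None):
    """Return (state, detail) for the Bitwarden CLI as seen by this process.

    state is 'missing', 'error', or the value 'bw status' reports
    ('unauthenticated', 'locked' or 'unlocked').
    """
    env = dict(os.environ if env is None else env)
    if search_path is None:
        search_path = env.get("PATH", "")
    # The traceback fails at Popen(['bw', ...]): 'bw' must be on the PATH of
    # the process running ansible-playbook, not on the managed host.
    cli = shutil.which("bw", path=search_path)
    if cli is None:
        return "missing", "no 'bw' executable in: " + search_path
    try:
        proc = subprocess.run([cli, "status"], input="", env=env,
                              capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "error", str(exc)
    if proc.returncode != 0:
        return "error", proc.stderr.strip()
    try:
        status = json.loads(proc.stdout)["status"]
    except (ValueError, KeyError, TypeError):
        return "error", "unexpected output from 'bw status'"
    # A session exported in a shell on another machine is not visible here.
    if status != "unlocked" and not env.get("BW_SESSION"):
        return status, "BW_SESSION is not set in this environment"
    return status, cli


if __name__ == "__main__":
    state, detail = bw_preflight()
    print(f"bw: {state} ({detail})")
    raise SystemExit(0 if state == "unlocked" else 1)
```

A result of `missing` corresponds to the `FileNotFoundError` in the log above; `locked` with the BW_SESSION detail means the session key exported elsewhere never reached the process that runs the lookup.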