Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/konstruktoid/ansible-bitwarden-inventory

A dynamic Bitwarden Ansible Inventory script
https://github.com/konstruktoid/ansible-bitwarden-inventory

ansible ansible-inventory bitwarden bitwarden-cli hacktoberfest

Last synced: 15 days ago
JSON representation

A dynamic Bitwarden Ansible Inventory script

Host: GitHub
URL: https://github.com/konstruktoid/ansible-bitwarden-inventory
Owner: konstruktoid
License: apache-2.0
Created: 2023-01-02T16:35:10.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2024-10-24T06:48:32.000Z (24 days ago)
Last Synced: 2024-10-25T02:00:22.937Z (23 days ago)
Topics: ansible, ansible-inventory, bitwarden, bitwarden-cli, hacktoberfest
Language: Python
Homepage:
Size: 376 KB
Stars: 5
Watchers: 3
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md

Awesome Lists containing this project

README

# Dynamic Bitwarden Ansible Inventory

Requires a [Bitwarden](https://www.bitwarden.com/) account and the [bw](https://bitwarden.com/help/cli/)
CLI client.

The `bitwarden_inventory.py` script uses the `bitwarden_inventory.yml`
configuration file to fetch the named servers from the current logged in
Bitwarden account using `bw`, and then generate an [Ansible](https://www.ansible.com/)
inventory.

## Examples and Usage

The `bitwarden_inventory.yml` configuration file names and fetches the hosts
using `name: identifier`, where the `name` variable is what the host will be
named in the inventory and the `identifier` is used to identify the host in
Bitwarden.

Both the name and the ID number from e.g. `bw list items` can be used as an
identifier for a host.

If the ID is omitted, the name will be used as the identifier.

Note that the script will fail if the name or ID is incorrect or missing.

The Bitwarden `user` and `password` fields will be used to populate
`ansible_user`, `ansible_password` and `ansible_become_password`.
The `ansible_host` address is the extracted netloc from the Bitwarden `uri` field
using [urllib.parse.urlparse](https://docs.python.org/3/library/urllib.parse.html).

Example `bw --pretty list items --search test-server` output:

```json
[
{
"object": "item",
"id": "1c7adc62-471d-494f-bf0d-af7e00f99c64",
"organizationId": null,
"folderId": null,
"type": 1,
"reprompt": 0,
"name": "test-server-01",
"notes": null,
"favorite": false,
"login": {
"uris": [
{
"match": null,
"uri": "192.168.0.191"
}
],
"username": "testadmin01",
"password": "testadminpassword01",
"totp": null,
"passwordRevisionDate": "2023-01-02T15:37:01.634Z"
},
"collectionIds": [],
"revisionDate": "2023-01-02T15:37:32.600Z",
"deletedDate": null,
"passwordHistory": [
{
"lastUsedDate": "2023-01-02T15:37:01.634Z",
"password": "testadmin01"
}
]
},
{
"object": "item",
"id": "e5a9a311-27bc-475d-9098-af7e00f9ae50",
"organizationId": null,
"folderId": null,
"type": 1,
"reprompt": 0,
"name": "test-server-02",
"notes": null,
"favorite": false,
"login": {
"uris": [
{
"match": null,
"uri": "192.168.0.192"
}
],
"username": "testadmin02",
"password": "testadminpassword02",
"totp": null,
"passwordRevisionDate": "2023-01-02T15:37:22.916Z"
},
"collectionIds": [],
"revisionDate": "2023-01-02T15:37:23.156Z",
"deletedDate": null,
"passwordHistory": [
{
"lastUsedDate": "2023-01-02T15:37:22.916Z",
"password": "testadmin02"
}
]
}
]
```

Configuration file based on the above:

```yaml
---
bitwarden_hosts:
test-server-01: "1c7adc62-471d-494f-bf0d-af7e00f99c64"
test-server-02:
webserver: "test-server-01"
...
```

Running `ansible-inventory -i bitwarden_inventory.py --list --yaml` will then
generate the following inventory:

```yaml
all:
children:
bitwarden_hosts:
hosts:
test-server-01:
ansible_become_password: testadminpassword01
ansible_password: testadminpassword01
ansible_user: testadmin01
test-server-02:
ansible_become_password: testadminpassword02
ansible_password: testadminpassword02
ansible_user: testadmin02
webserver:
ansible_become_password: testadminpassword01
ansible_password: testadminpassword01
ansible_user: testadmin01
ungrouped: {}
```