mirceanton / home-ops

Monorepo to manage my Home Lab.
GNU General Public License v3.0

Implement external-secrets with the Bitwarden integration for user-related secrets #61

Open mircea-pavel-anton opened 11 months ago

mircea-pavel-anton commented 11 months ago

Currently, all secrets are managed locally using sops. This is ok for infra-related stuff, like tokens or webhook URLs, but for user passwords and such, Bitwarden would be better.

References:

remkolems commented 9 months ago

I believe you also use TrueNAS Scale, therefore with TrueCharts Enterprise you could use vaultwarden (as I do now for the same reasons as you do). However, I am contemplating a more self-managed GitOps/IaC solution, as TrueCharts did make some unfortunate breaking changes in the past.

PS. Thank you BTW for https://mirceanton.com/posts/2023-11-28-the-best-os-for-kubernetes/ and https://youtu.be/4_U0KK-blXQ

mircea-pavel-anton commented 9 months ago

@remkolems Thanks for the suggestion!

I'm actually using TrueNAS Core, not Scale, as I don't really like the built-in k3s solution that much. I currently have a simple Talos VM on my TrueNAS Core server to host some utility services, and I am not 100% sure I want to self-host my vaultwarden instance tbh.

Also, not a huge fan of TrueCharts either :))