diff --git a/gulpfile.babel.js b/gulpfile.babel.js index bb441ee37..8745c1e28 100644 --- a/gulpfile.babel.js +++ b/gulpfile.babel.js @@ -127,6 +127,8 @@ function humanize(categoryId) { return "Azure Site Extensions"; case "azureFunctions": return "Azure Functions"; + case "bitwarden": + return "Bitwarden"; case "cassandra": return "Cassandra"; case "chef": diff --git a/step-templates/bitwarden-secrets-manager-retrieve-secrets.json b/step-templates/bitwarden-secrets-manager-retrieve-secrets.json new file mode 100644 index 000000000..36b2550a1 --- /dev/null +++ b/step-templates/bitwarden-secrets-manager-retrieve-secrets.json @@ -0,0 +1,75 @@ +{ + "Id": "740fb4a1-e863-4e81-ab54-ef28292334e4", + "Name": "Bitwarden Secrets Manager - Retrieve Secrets", + "Description": "This step retrieves one or more secrets from [Bitwarden Secrets Manager](https://bitwarden.com/products/secrets-manager/), and creates [sensitive output variables](https://octopus.com/docs/projects/variables/output-variables#sensitive-output-variables) for each value retrieved. These values can be used in other steps in your deployment or runbook process.\n\nYou can choose a custom output variable name for each secret, or one will be chosen for you.\n\n---\n\n**Required:** \n- PowerShell **5.1** or higher.\n- The Bitwarden Secrets Manager (`bws`) CLI installed on the target or worker. If the CLI can't be found, the step will fail.\n- A machine account [access token](https://bitwarden.com/help/access-tokens/) with permissions to retrieve secrets from the specified project.\n\nNotes:\n\n- Tested on Octopus **2025.4**.\n- Tested on both Windows Server 2022 and Ubuntu 24.04.", + "ActionType": "Octopus.Script", + "Version": 1, + "CommunityActionTemplateId": null, + "Packages": [], + "GitDependencies": [], + "Properties": { + "Octopus.Action.Script.ScriptSource": "Inline", + "Octopus.Action.Script.Syntax": "PowerShell", + "Octopus.Action.Script.ScriptBody": "$ErrorActionPreference = 'Stop'\n\n# Variables\n$BwsServerUrl = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.ServerUrl\"]\n$ProjectName = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.ProjectName\"]\n$BwsAccessToken = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.AccessToken\"]\n$SecretNames = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.SecretNames\"]\n$PrintVariableNames = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.PrintVariableNames\"]\n\nWrite-Output \"Verifying 'bws' command availability...\"\nif (-not (Get-Command bws -ErrorAction SilentlyContinue)) {\n throw \"The 'bws' (Bitwarden Secrets Manager CLI) command was not found. Please ensure it is installed and available in the system's PATH.\"\n}\nWrite-Output \"'bws' command found.\"\n\n# Validation\nif ([string]::IsNullOrWhiteSpace($ProjectName)) {\n throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.ProjectName not specified.\"\n}\nif ([string]::IsNullOrWhiteSpace($BwsServerUrl)) {\n throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.ServerURL not specified.\"\n}\nif ([string]::IsNullOrWhiteSpace($BwsAccessToken)) {\n throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.AccessToken not specified.\"\n}\nif ([string]::IsNullOrWhiteSpace($SecretNames)) {\n throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.SecretNames not specified.\"\n}\n\n# Functions\nfunction Save-OctopusVariable {\n Param(\n [string] $name,\n [string] $value\n )\n if ($script:storedVariables -icontains $name) {\n Write-Warning \"A variable with name '$name' has already been created. Check your secret name parameters as this will likely cause unexpected behavior and should be investigated.\"\n }\n Set-OctopusVariable -Name $name -Value $value -Sensitive\n $script:storedVariables += $name\n\n if ($PrintVariableNames -eq $True) {\n Write-Output \"Created output variable: ##{Octopus.Action[$StepName].Output.$name}\"\n }\n}\n\nfunction Get-BwsProjectIdByName {\n param(\n [Parameter(Mandatory = $true)]\n [string]$Name,\n [Parameter(Mandatory = $true)]\n [string]$AccessToken\n )\n \n # 1. API Call: Retrieve all projects in JSON format (1st API Call)\n $ProjectJson = bws project list `\n --access-token $AccessToken `\n --server-url $BwsServerUrl `\n --output json | Out-String\n\n # 2. Convert to PowerShell objects and filter by name\n $Projects = $ProjectJson | ConvertFrom-Json\n\n # 3. Find the ID of the matching project\n $ProjectObject = $Projects | Where-Object { $_.name -eq $Name }\n\n if (-not $ProjectObject) {\n throw \"Error: Project '$Name' not found.\"\n }\n\n # Handle the case where the project name might not be unique\n if ($ProjectObject.Count -gt 1) {\n Write-Warning \"Multiple projects found with name '$Name'. Using the first ID found.\"\n }\n\n # Return the ID\n return $ProjectObject.id\n}\n\n# End Functions\n\n$script:storedVariables = @()\n$StepName = $OctopusParameters[\"Octopus.Step.Name\"]\n$Secrets = @()\n\n# Extract secret names\n@(($SecretNames -Split \"`n\").Trim()) | ForEach-Object {\n if (![string]::IsNullOrWhiteSpace($_)) {\n Write-Verbose \"Working on: '$_'\"\n $secretDefinition = ($_ -Split \"\\|\")\n $secretName = $secretDefinition[0].Trim()\n \n if ([string]::IsNullOrWhiteSpace($secretName)) {\n throw \"Unable to establish secret name from: '$($_)'\"\n }\n $secret = [PsCustomObject]@{\n Name = $secretName\n VariableName = if ($secretDefinition.Count -gt 1 -and ![string]::IsNullOrWhiteSpace($secretDefinition[1])) { $secretDefinition[1].Trim() } else { $secretName } # If VariableName is blank, use SecretName\n }\n $Secrets += $secret\n }\n}\n\nWrite-Verbose \"Project Name: $ProjectName\"\nWrite-Verbose \"Secrets to retrieve: $($Secrets.Count)\"\nWrite-Verbose \"Print variables: $PrintVariableNames\"\n\ntry {\n\n # 1. Get the Project ID from the friendly name\n Write-Output \"Looking up project ID for '$ProjectName'\"\n $ProjectID = Get-BwsProjectIdByName -Name $ProjectName -AccessToken $BwsAccessToken\n \n Write-Output \"Project ID found: $ProjectID\"\n \n # 2. Retrieve all secrets from the found project (The single efficient call)\n Write-Output \"Fetching all secrets from project.\"\n $SecretNamesToQuery = @($Secrets | Select-Object -ExpandProperty Name)\n\n # Use the projectId to get all secrets in that project\n $SecretsJson = bws secret list $ProjectID `\n --access-token $BwsAccessToken `\n --server-url $BwsServerUrl `\n --output json | Out-String\n $AllSecrets = $SecretsJson | ConvertFrom-Json\n\n # 3. Filter the local objects to only include the desired secret names\n Write-Output \"Filtering for desired secrets: $($SecretNamesToQuery -join ', ').\"\n $FilteredSecrets = $AllSecrets | Where-Object { $_.key -in $SecretNamesToQuery } | Select-Object -Property key, value\n \n foreach ($secret in $FilteredSecrets) {\n # Find the VariableName associated with the secret key\n $variableName = ($Secrets | Where-Object { $_.Name -eq $secret.key }).VariableName \n \n # Save the secret value to the output variable\n Save-OctopusVariable -name $variableName -value $secret.value\n }\n}\ncatch {\n throw \"An error occurred while retrieving secrets: $($_.Exception.Message)\"\n}\n\nWrite-Output \"Created $($script:storedVariables.Count) output variables\"" + }, + "Parameters": [ + { + "Id": "2a500677-eb3e-4e1c-93bd-0fa896aad9fd", + "Name": "Bitwarden.SecretsManager.RetrieveSecrets.ServerUrl", + "Label": "Server Url", + "HelpText": "Provide the Server Url for retrieving secrets. Default: `https://vault.bitwarden.eu`", + "DefaultValue": "https://vault.bitwarden.eu", + "DisplaySettings": { + "Octopus.ControlType": "SingleLineText" + } + }, + { + "Id": "18b7321d-803e-4217-993d-6416dd6eb5f7", + "Name": "Bitwarden.SecretsManager.RetrieveSecrets.ProjectName", + "Label": "Project Name", + "HelpText": "Provide the name of the project from which to retrieve secrets.", + "DefaultValue": "", + "DisplaySettings": { + "Octopus.ControlType": "SingleLineText" + } + }, + { + "Id": "0dada9ac-3a35-4215-b03f-9024486ee7a2", + "Name": "Bitwarden.SecretsManager.RetrieveSecrets.AccessToken", + "Label": "Machine Account Access Token", + "HelpText": "Provide the machine account [access token](https://bitwarden.com/help/access-tokens/) used to authenticate to retrieve secrets.", + "DefaultValue": "", + "DisplaySettings": { + "Octopus.ControlType": "Sensitive" + } + }, + { + "Id": "b10f61d8-dedc-4a91-add3-451de0cfd47d", + "Name": "Bitwarden.SecretsManager.RetrieveSecrets.SecretNames", + "Label": "Secret names to retrieve", + "HelpText": "Specify the names of the secrets to be returned from Secret Manager in Google Cloud, in the format:\n\n`SecretName | OutputVariableName` where:\n\n- `SecretName` is the name of the secret to retrieve.\n- `OutputVariableName` is the _optional_ Octopus [output variable](https://octopus.com/docs/projects/variables/output-variables) name to store the secret's value in. *If this value isn't specified, an output name will be generated dynamically*.\n\n**Note:** Multiple fields can be retrieved by entering each one on a new line.", + "DefaultValue": "", + "DisplaySettings": { + "Octopus.ControlType": "MultiLineText" + } + }, + { + "Id": "0a98e37e-7907-4e49-919a-5e50c7765469", + "Name": "Bitwarden.SecretsManager.RetrieveSecrets.PrintVariableNames", + "Label": "Print output variable names", + "HelpText": "Write out the names of the Octopus [output variables](https://octopus.com/docs/projects/variables/output-variables) in the task log. Default: `False`.", + "DefaultValue": "False", + "DisplaySettings": { + "Octopus.ControlType": "Checkbox" + } + } + ], + "StepPackageId": "Octopus.Script", + "$Meta": { + "ExportedAt": "2025-10-09T16:22:38.417Z", + "OctopusVersion": "2025.4.3435", + "Type": "ActionTemplate" + }, + "LastModifiedBy": "harrisonmeister", + "Category": "bitwarden" +} diff --git a/step-templates/logos/bitwarden.png b/step-templates/logos/bitwarden.png new file mode 100644 index 000000000..5e40cb25e Binary files /dev/null and b/step-templates/logos/bitwarden.png differ