Bitwarden Secrets Manager
Fetch secrets from Bitwarden Secrets Manager to use as variables in your API requests.
Prerequisites
- Bitwarden organization with Secrets Manager
- Machine account with access token
- Secrets stored in Bitwarden Secrets Manager
Configuration
- Go to Settings > Secret Providers
- Click Add Provider
- Select Bitwarden
- Fill in the configuration:
| Field | Description |
|---|---|
| Name | Display name for this provider |
| Server URL | Bitwarden server URL (leave empty for cloud: https://vault.bitwarden.com) |
| Access Token | Machine account access token |
| Organization ID | Your organization ID (optional) |
| Secret Name | Name of the secret to fetch |
- Click Test Connection to verify credentials
- Click Save
Access Token Format
Bitwarden access tokens have the format:
0.{client_id}.{client_secret}:{encryption_key}
Example:
0.2fd91392-21d1-4d62-9d97-b3d90169fc82.J0tD8a6AvHXozgq8MUuyuSfa74G3pD:89CTHkZ63/u6xFqaV8D16w==
Creating a Machine Account
- Log in to Bitwarden web vault
- Go to Organizations > Secrets Manager
- Click Machine accounts > New machine account
- Name it (e.g.,
istek-reader) - Grant access to the projects containing your secrets
- Click Access tokens > Create access token
- Copy the full access token
Self-Hosted Bitwarden
For self-hosted Bitwarden, enter your server URL:
https://bitwarden.example.com
Istek will automatically construct the identity and API URLs.
Usage
Once configured, click Fetch Secrets to load the secrets. Each secret's value will be available as a variable:
GET {{API_URL}}/users
Authorization: Bearer {{API_KEY}}
End-to-End Encryption
Bitwarden secrets are end-to-end encrypted. Istek decrypts secrets locally using the encryption key embedded in your access token. Your secrets are never transmitted in plaintext.