/BitwardenRESTAPIServerDocker

Primary LanguageDockerfile

Bitwarden REST API Server

https://hub.docker.com/r/ebette1/bitwarden-rest-api-server

Overview

Use this Docker file to set up a local REST API server for interacting with Bitwarden resources.

This is an all-in-one implementation of Bitwarden's CLI based solution for setting up a local REST API server for making CLI calls through HTTP requests.

The docker image is updated nightly using the latest Bitwarden CLI.

Usage

Set up environment variables

The image uses the environment variables BW_CLIENTID and BW_CLIENTSECRET to authenticate the API connection.

  1. Follow these instructions to get your client_id and client_secret
  2. Put these values into a local file (ie. $HOME/.env) to pass to the container at runtime:
echo BW_CLIENTID=<your_client_id> >> $HOME/.env && \
echo BW_CLIENTSECRET=<your_client_secret> >> $HOME/.env

Using your own Bitwarden server instance

If you're using your own instance of Bitwarden, set the host name in the environment variable BW_HOST. The docker container will automatically configure the CLI/API to use this host when the container is started or restarted.

🔗 Using an API key

Run

You can run the container by using docker run:

docker run --env-file .env -td -p 8087:8087 ebette1/bitwarden-rest-api-server:latest

Docker Compose

Alternatively, you can set your container up in a docker-compose.yml file:

services:
  # Service name
  bitwarden-rest-api-server:
    # Image 
    image: ebette1/bitwarden-rest-api-server:latest
    # Container
    container_name: bitwarden-rest-api-server
    # Environment
    environment:
      # Sources from $HOME/.env file (assume docker-compose.yml is also in $HOME)
      - BW_CLIENTID=$BW_CLIENTID
      - BW_CLIENTSECRET=$BW_CLIENTSECRET
    # Networking
    ports:
      - 8087:8087
    # Config
    restart: unless-stopped

Example Usage

You can run commands in the local host's shell using curl:

Unlock

curl http://localhost:8087/unlock -d '{"password": "$BT_PASSWORD"}' --header "Content-Type: application/json"

Handling session keys

❗ In order to run additional vault management commands using this API, it is necessary to save and use the session key provided in the response to the unlock command.

This command will export the session key to the docker container's environment:

docker container exec -e BW_SESSION=$(curl http://localhost:8087/unlock -d '{"password": "$BT_PASSWORD"}' --header "Content-Type: application/json" | grep -P '(?<="raw":").*(?=")' -o) bitwarden-rest-api-server env

Building the image

If you want to build the image locally, the easiest way is to clone the GitHub repo and build from there:

git clone https://github.com/eebette/BitwardenRESTAPIServerDocker
docker build ./BitwardenRESTAPIServerDocker

Thanks

Many thanks to DarrellTang, whose work inspired and helped the development of this.

Links

Bitwarden Password Manager CLI Documentation

Bitwarden Vault Management API Documentation