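---
# Bitwarden CLI bridge for External Secrets Operator (ESO).
#
# A single pod serves the Bitwarden CLI's HTTP API on port 8087. ESO reads
# vault items from it through the webhook-type ClusterSecretStores below.
#
# Trust model, as far as these manifests show: the stores talk to the pod over
# plain HTTP and send no credentials, so the NetworkPolicy in this file is the
# only access control in front of the vault API.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bitwarden-cli
  namespace: external-secrets
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one, so two CLI
  # sessions never run side by side during a rollout.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: bitwarden-cli
  template:
    metadata:
      labels:
        app.kubernetes.io/name: bitwarden-cli
    spec:
      # NOTE(review): no pod or container securityContext is set. Consider
      # runAsNonRoot, allowPrivilegeEscalation: false, dropping all
      # capabilities and automountServiceAccountToken: false once the image
      # is confirmed to run with them.
      containers:
        - name: bitwarden-cli
          # NOTE(review): third-party image referenced by mutable tag only,
          # and it receives everything in the `bitwarden` Secret. Consider
          # pinning by digest (...@sha256:<digest>) after verifying the image.
          image: ghcr.io/charlesthomas/bitwarden-cli:2024.12.0
          imagePullPolicy: IfNotPresent
          # Every key of the `bitwarden` Secret becomes an environment
          # variable; presumably the vault login credentials -- keep RBAC
          # on that Secret tight.
          envFrom:
            - secretRef:
                name: bitwarden
          # Only limits are declared; Kubernetes then defaults the requests
          # to the same values.
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
          ports:
            - name: http
              containerPort: 8087
              protocol: TCP
          # Liveness doubles as a periodic refresh: every 120 s it POSTs to
          # /sync?force=true over loopback. Exec probes run without a shell,
          # so the two quote characters after --post-data= reach wget
          # literally; the option is there only to turn the request into a
          # POST.
          livenessProbe:
            exec:
              command:
                - wget
                - '-q'
                - 'http://127.0.0.1:8087/sync?force=true'
                - "--post-data=''"
            initialDelaySeconds: 20
            failureThreshold: 3
            timeoutSeconds: 10
            periodSeconds: 120
          # Readiness and startup only check that the port accepts TCP
          # connections; they do not prove the vault is unlocked.
          readinessProbe:
            tcpSocket:
              port: 8087
            initialDelaySeconds: 20
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          startupProbe:
            tcpSocket:
              port: 8087
            initialDelaySeconds: 10
            failureThreshold: 30
            timeoutSeconds: 1
            periodSeconds: 5
---
# In-cluster name (bitwarden-cli:8087) that the ClusterSecretStores point at.
# ClusterIP keeps it off node ports and load balancers; the traffic is plain
# HTTP.
apiVersion: v1
kind: Service
metadata:
  name: bitwarden-cli
  namespace: external-secrets
spec:
  type: ClusterIP
  ports:
    - port: 8087
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: bitwarden-cli
---
# Restricts ingress to the bitwarden-cli pod to ESO pods, on the API port only.
# The `from` entry has no namespaceSelector, so it matches pods in this
# policy's own namespace (external-secrets) only.
# This is enforced only when the cluster's CNI implements NetworkPolicy;
# without that the vault API is reachable from every pod in the cluster.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  namespace: external-secrets
  name: external-secret-2-bw-cli
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: bitwarden-cli
  # Stated explicitly so the intent does not rely on defaulting.
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: external-secrets
      # Least privilege: 8087 is the only port the container declares.
      ports:
        - protocol: TCP
          port: 8087
---
# ClusterSecretStores are cluster-scoped: an ExternalSecret in any namespace
# may reference them and ask for any item id in the vault.
# NOTE(review): consider spec.conditions (namespaces / namespaceSelector) on
# each store, and RBAC on who may create ExternalSecrets, to narrow that.
#
# remoteRef.key and remoteRef.property are written by the ExternalSecret
# author and are interpolated into the URL and JSONPath below as-is.
#
# bitwarden-login: remoteRef.key = item id, remoteRef.property = a key under
# the item's `login` object.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: bitwarden-login
spec:
  provider:
    webhook:
      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
      headers:
        Content-Type: application/json
      result:
        jsonPath: "$.data.login.{{ .remoteRef.property }}"
---
# bitwarden-fields: remoteRef.key = item id, remoteRef.property = name of a
# custom field; the filter selects the value of the field with that name.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: bitwarden-fields
spec:
  provider:
    webhook:
      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
      result:
        jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"
---
# bitwarden-notes: remoteRef.key = item id; returns the item's notes text.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: bitwarden-notes
spec:
  provider:
    webhook:
      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
      result:
        jsonPath: "$.data.notes"
---
# bitwarden-attachments: remoteRef.property is placed in the attachment path
# segment and remoteRef.key is sent as the itemid query parameter.
# `result` is empty, so no JSONPath is applied; presumably the raw response
# body becomes the secret value -- confirm against the ESO webhook docs.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: bitwarden-attachments
spec:
  provider:
    webhook:
      url: "http://bitwarden-cli:8087/object/attachment/{{ .remoteRef.property }}?itemid={{ .remoteRef.key }}"
      result: {}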