It was only a matter of time before a popular password manager, such as Bitwarden, would create a secrets manager, an application to create and store security tokens so they don’t have to be hard-coded into the application itself. It makes sense, especially given that Bitwarden is open source and the folks behind it seem to understand the growing need for managing secrets in cloud native and container technology.
And that’s what they’ve done: created the ideal password manager for teams that work with things like containerized and cloud native deployments. I will warn you, however, that the workflow of the Secrets Manager is a bit confusing at first. But once you understand how it works, you’ll be using it like a champ.
Although this new Secrets Manager will be a separate product from the company’s flagship Password Manager, the combination of the two gives Bitwarden a leg up over most of the competition. As of this moment, pricing is TBD for the Secrets Manager, as it is still in beta.
First off, you must have a valid Bitwarden account that includes organizations. For that, you’ll probably want one of the Teams accounts (otherwise, you are limited in the number of organizations and/or members you can add).
The first thing you must do is enable the beta. To do that, log into your Bitwarden Web Vault. Click the Organizations tab and then click Billing > Subscription. You should see a checkmark for Enable Secrets Manager Beta (Figure 1).
Once the Secrets beta has been enabled, click on the icon to the left of the profile drop-down near the upper right corner and select Secrets Manager Beta (Figure 2).
You should now find yourself on the main Bitwarden Secrets Manager page (Figure 3).
The next step is to create a service account that will hold something like an API token. To do that, click Service Accounts in the left navigation. On the resulting page (Figure 4), click New Service Account.
In the resulting popup (Figure 5), give the new Service Account a name and click Save.
You will then be directed back to the Service Account page, where your new entry is listed. Click the name of that new entry and you can then add Projects, members, and access tokens to the Service Account.
Before you can add projects and members, they have to exist.
Projects are a way to collect secrets that should be logically grouped together. Let’s create a project that can be added to the Service Account. Click Projects in the left navigation and then click Add New Project. Give the project a name and click Save. Just like with Service Accounts, once you’ve created a project, you can then add People and Service Accounts to the Project (Figure 6). People, however, are added in the Organizations section of the Bitwarden Password Manager.
Service accounts represent non-human accounts (such as system accounts, applications, and deployment pipelines). Now that we’ve had our detour through Projects, you’ll want to add information to your new Service Account. Go back to the Service Account section and click to open the Service Account you just added. Add a Project (if necessary) and add People.
An Access Token is the authentication vehicle that lets you script secret injection into your machines, applications, and service deployments, and that can decrypt the secrets stored in your vault. This prevents you from having to save actual passwords or use them in your manifests and/or code.
How this works is pretty simple: Each Access Token is issued to a particular service account. With that association, it will grant any machine it’s applied to access to the secrets associated with that service account. So, to make this work, you must create Service Accounts and then add Secrets to them. Those secrets are then accessible to any Access Token that has access to a particular Service Account. It’s a bit confusing, but once you start playing around with the Secrets Manager, you’ll pick up on the workflow.
To create your first token, click on the Access Tokens tab and click New Access Token. In the popup (Figure 7), give your new Access Token a name, select the required permissions from the Permissions drop-down, and give it an expiration date.
Click New Access Token to generate the access token you’ll use for the service in question. One thing to keep in mind is that you must copy the new access token right away, because tokens aren’t stored and can’t be retrieved later. So click Copy Token (Figure 8) to save it to your computer’s clipboard.
At any time, you can manually revoke an Access Token by navigating to Service Accounts > Access Tokens, selecting the access token, clicking the associated menu, and clicking Revoke Access Token.
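The relationships described above, as a simplified model added here (it is not from the original article and is not Bitwarden's code): each token belongs to one service account, so a leaked token exposes exactly the secrets in that account's projects until it expires or is revoked. All account, project, secret and token names, and the dates, are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class ServiceAccount:
    name: str
    projects: set = field(default_factory=set)  # projects added to this account

@dataclass
class AccessToken:
    name: str
    service_account: ServiceAccount  # a token is issued to exactly one account
    expires_at: datetime
    revoked: bool = False

    def is_valid(self, now):
        # Usable only while it is neither revoked nor past its expiration date.
        return not self.revoked and now < self.expires_at

# Constructed sample data: secret name -> project it is grouped under.
SECRET_PROJECT = {
    "DB_PASSWORD": "billing-api",
    "STRIPE_KEY": "billing-api",
    "SMTP_PASSWORD": "mailer",
}

def reachable_secrets(token, now):
    """Every secret the token can read, i.e. what is exposed if it leaks."""
    if not token.is_valid(now):
        return set()
    granted = token.service_account.projects
    return {s for s, project in SECRET_PROJECT.items() if project in granted}

def can_read(token, secret, now):
    return secret in reachable_secrets(token, now)

NOW = datetime(2023, 1, 10, tzinfo=timezone.utc)  # fixed clock for the demo
ci = ServiceAccount("ci-pipeline", {"billing-api"})
deploy_token = AccessToken("deploy-runner", ci, NOW + timedelta(days=30))
second_token = AccessToken("staging-runner", ci, NOW + timedelta(days=30))

if __name__ == "__main__":
    print(sorted(reachable_secrets(deploy_token, NOW)))  # both billing-api secrets
    print(can_read(deploy_token, "SMTP_PASSWORD", NOW))  # project not granted
    deploy_token.revoked = True                          # revoke one token only
    print(reachable_secrets(deploy_token, NOW))          # nothing left to read
    print(sorted(reachable_secrets(second_token, NOW)))  # sibling token unaffected
```

Because every token on a service account reaches the same set of secrets, the account's project list is what sets the exposure; separate tokens only make it possible to revoke one consumer without disturbing the others.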
And that’s the basics of using the new Bitwarden Secrets Manager. For any organization that already uses Bitwarden and needs to be able to manage Secrets as well, this will be a welcome addition. For those who’ve yet to try Bitwarden, this might be just the feature to win you over.