extend bitwarden credential to support vaultwarden (#3268)

2025-08-22 13:02:12 +08:00
parent c54ba42bb9
commit 44d7c73242
3 changed files with 26 additions and 22 deletions
--- a/skyvern/config.py
+++ b/skyvern/config.py
@@ -282,6 +282,7 @@ class Settings(BaseSettings):
    BITWARDEN_CLIENT_ID: str | None = None
    BITWARDEN_CLIENT_SECRET: str | None = None
    BITWARDEN_MASTER_PASSWORD: str | None = None
+    BITWARDEN_EMAIL: str | None = None
    OP_SERVICE_ACCOUNT_TOKEN: str | None = None

    # Skyvern Auth Bitwarden Settings
--- a/skyvern/forge/sdk/services/bitwarden.py
+++ b/skyvern/forge/sdk/services/bitwarden.py
@@ -184,8 +184,8 @@ class BitwardenService:

    @staticmethod
    async def get_secret_value_from_url(
-        client_id: str,
-        client_secret: str,
+        client_id: str | None,
+        client_secret: str | None,
        master_password: str,
        bw_organization_id: str | None,
        bw_collection_ids: list[str] | None,
@@ -249,8 +249,8 @@ class BitwardenService:

    @staticmethod
    async def _get_secret_value_from_url(
-        client_id: str,
-        client_secret: str,
+        client_id: str | None,
+        client_secret: str | None,
        master_password: str,
        bw_organization_id: str | None,
        bw_collection_ids: list[str] | None,
@@ -382,8 +382,8 @@ class BitwardenService:

    @staticmethod
    async def get_sensitive_information_from_identity(
-        client_id: str,
-        client_secret: str,
+        client_id: str | None,
+        client_secret: str | None,
        master_password: str,
        bw_organization_id: str | None,
        bw_collection_ids: list[str] | None,
@@ -438,8 +438,8 @@ class BitwardenService:

    @staticmethod
    async def _get_sensitive_information_from_identity(
-        client_id: str,
-        client_secret: str,
+        client_id: str | None,
+        client_secret: str | None,
        master_password: str,
        collection_id: str,
        identity_key: str,
@@ -516,15 +516,18 @@ class BitwardenService:
            await BitwardenService.logout()

    @staticmethod
-    async def login(client_id: str, client_secret: str) -> None:
+    async def login(client_id: str | None, client_secret: str | None) -> None:
        """
        Log in to the Bitwarden CLI.
        """
        env = {
-            "BW_CLIENTID": client_id,
-            "BW_CLIENTSECRET": client_secret,
+            "BW_CLIENTID": client_id or "",
+            "BW_CLIENTSECRET": client_secret or "",
        }
-        login_command = ["bw", "login", "--apikey"]
+        if settings.BITWARDEN_EMAIL and settings.BITWARDEN_MASTER_PASSWORD:
+            login_command = ["bw", "login", settings.BITWARDEN_EMAIL, settings.BITWARDEN_MASTER_PASSWORD]
+        else:
+            login_command = ["bw", "login", "--apikey"]
        login_result = await BitwardenService.run_command(login_command, env)

        # Validate the login result
@@ -588,8 +591,8 @@ class BitwardenService:

    @staticmethod
    async def _get_credit_card_data(
-        client_id: str,
-        client_secret: str,
+        client_id: str | None,
+        client_secret: str | None,
        master_password: str,
        bw_organization_id: str | None,
        bw_collection_ids: list[str] | None,
@@ -664,8 +667,8 @@ class BitwardenService:

    @staticmethod
    async def get_credit_card_data(
-        client_id: str,
-        client_secret: str,
+        client_id: str | None,
+        client_secret: str | None,
        master_password: str,
        bw_organization_id: str | None,
        bw_collection_ids: list[str] | None,
--- a/skyvern/forge/sdk/workflow/context_manager.py
+++ b/skyvern/forge/sdk/workflow/context_manager.py
@@ -416,9 +416,9 @@ class WorkflowRunContext:
            LOG.error(f"Failed to get Bitwarden login credentials from AWS secrets. Error: {e}")
            raise e

-        if not client_id:
+        if not client_id and not settings.BITWARDEN_EMAIL:
            raise ValueError("Bitwarden client ID not found")
-        if not client_secret:
+        if not client_secret and not settings.BITWARDEN_EMAIL:
            raise ValueError("Bitwarden client secret not found")
        if not master_password:
            raise ValueError("Bitwarden master password not found")
@@ -519,9 +519,9 @@ class WorkflowRunContext:
            LOG.error(f"Failed to get Bitwarden login credentials from AWS secrets. Error: {e}")
            raise e

-        if not client_id:
+        if not client_id and not settings.BITWARDEN_EMAIL:
            raise ValueError("Bitwarden client ID not found")
-        if not client_secret:
+        if not client_secret and not settings.BITWARDEN_EMAIL:
            raise ValueError("Bitwarden client secret not found")
        if not master_password:
            raise ValueError("Bitwarden master password not found")
@@ -586,9 +586,9 @@ class WorkflowRunContext:
            LOG.error(f"Failed to get Bitwarden login credentials from AWS secrets. Error: {e}")
            raise e

-        if not client_id:
+        if not client_id and not settings.BITWARDEN_EMAIL:
            raise ValueError("Bitwarden client ID not found")
-        if not client_secret:
+        if not client_secret and not settings.BITWARDEN_EMAIL:
            raise ValueError("Bitwarden client secret not found")
        if not master_password:
            raise ValueError("Bitwarden master password not found")