From 8618675c723e81c0946d6c25c9645b131acd0960 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Thu, 1 Feb 2024 08:55:21 -0800 Subject: [PATCH 1/8] add `BWS_CONFIG_FILE` var --- crates/bws/src/main.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crates/bws/src/main.rs b/crates/bws/src/main.rs index e55df5082..cb130b52c 100644 --- a/crates/bws/src/main.rs +++ b/crates/bws/src/main.rs @@ -47,6 +47,7 @@ struct Cli { short = 'f', long, global = true, + env = CONFIG_FILE_KEY_VAR_NAME, help = format!("[default: ~/{}/{}] Config file to use", config::DIRECTORY, config::FILENAME) )] config_file: Option, @@ -228,6 +229,7 @@ async fn main() -> Result<()> { } const ACCESS_TOKEN_KEY_VAR_NAME: &str = "BWS_ACCESS_TOKEN"; +const CONFIG_FILE_KEY_VAR_NAME: &str = "BWS_CONFIG_FILE"; const PROFILE_KEY_VAR_NAME: &str = "BWS_PROFILE"; const SERVER_URL_KEY_VAR_NAME: &str = "BWS_SERVER_URL"; From b96160bb1e6f52fd261bc3036a76c1978e7d806e Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:14:53 -0800 Subject: [PATCH 2/8] Use non-root user for docker image --- crates/bws/Dockerfile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/crates/bws/Dockerfile b/crates/bws/Dockerfile index d75494648..257d04dbf 100644 --- a/crates/bws/Dockerfile +++ b/crates/bws/Dockerfile @@ -30,5 +30,12 @@ WORKDIR /usr/local/bin COPY --from=build /app/target/release/bws . COPY --from=build /etc/ssl/certs /etc/ssl/certs -ENTRYPOINT ["bws"] +# Create a non-root user +RUN useradd -ms /bin/bash app + +# Switch to the non-root user +USER app +WORKDIR /home/app + +ENTRYPOINT ["bws"] From 84c73826d58e848d92b7b86f9595d9169c541f20 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:15:13 -0800 Subject: [PATCH 3/8] Document Docker usage --- crates/bws/README.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/crates/bws/README.md b/crates/bws/README.md index 11ea23814..4b6b9b040 100644 --- a/crates/bws/README.md +++ b/crates/bws/README.md @@ -44,3 +44,45 @@ echo 'source <(/path/to/bws completions bash)' >> ~/.bashrc For more detailed documentation, please refer to the [Secrets Manager CLI help article](https://bitwarden.com/help/secrets-manager-cli/). + +### Docker + +You can also use the `bws` CLI with Docker: + + + +```bash +# From the root of the repository, build the Docker image: +docker build -f crates/bws/Dockerfile --no-cache -t bitwarden/bws . + +# Run with Docker: +docker run --rm -it bitwarden/bws --help +``` + +The Docker image is ran with a non-root user named `app`. If you need to pass your config file to +the container, you can use the `-v`/`--volume` flag to mount your local `.bws` directory to the +default location within the container: + +```bash +docker run --rm -it -v "$HOME"/.bws:/home/app/.bws bitwarden/bws --help +``` + +Alternatively, you can use the `BWS_CONFIG_FILE` environment variable to specify the location of the +config file within the container: + +```bash +docker run --rm -it -e BWS_CONFIG_FILE="/path/to/config/file" -v /path/to/config/file:"$BWS_CONFIG_FILE" bitwarden/bws --help +``` + +Or, more concisely: + +```bash +# Set the BWS_CONFIG_FILE environment variable on your host +export BWS_CONFIG_FILE="/path/to/config/file" + +# Pass the BWS_CONFIG_FILE environment variable to the container +docker run --rm -it -e BWS_CONFIG_FILE="$BWS_CONFIG_FILE" -v "$BWS_CONFIG_FILE":"$BWS_CONFIG_FILE" bitwarden/bws --help +``` + +Note that if you want to use identitcal config file paths on your host and in the container, the +parent directory must exist on both. From d2f93c172805928730a29c9701bc61f4bbfc8965 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:24:00 -0800 Subject: [PATCH 4/8] Update changelog --- crates/bws/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/crates/bws/CHANGELOG.md b/crates/bws/CHANGELOG.md index d5ba27061..2bb431485 100644 --- a/crates/bws/CHANGELOG.md +++ b/crates/bws/CHANGELOG.md @@ -10,6 +10,7 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ### Changed - Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`. +- Add a `BWS_CONFIG_FILE` environment variable to specify the location of the config file (#571) ## [0.4.0] - 2023-12-21 From 3ebf21fa810b61d8f045af449b2ec6e55ddfb007 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Thu, 1 Feb 2024 12:28:40 -0800 Subject: [PATCH 5/8] Update README.md --- crates/bws/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/bws/README.md b/crates/bws/README.md index 4b6b9b040..963ff5407 100644 --- a/crates/bws/README.md +++ b/crates/bws/README.md @@ -45,9 +45,9 @@ echo 'source <(/path/to/bws completions bash)' >> ~/.bashrc For more detailed documentation, please refer to the [Secrets Manager CLI help article](https://bitwarden.com/help/secrets-manager-cli/). -### Docker +## Docker -You can also use the `bws` CLI with Docker: +You can also use the `bws` Docker image: From 6900a23f5e8ab429ed74508af9e5b19142ecdab6 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Thu, 1 Feb 2024 19:00:04 -0800 Subject: [PATCH 6/8] fix grammar and typo --- crates/bws/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/bws/README.md b/crates/bws/README.md index 963ff5407..66205882d 100644 --- a/crates/bws/README.md +++ b/crates/bws/README.md @@ -59,7 +59,7 @@ docker build -f crates/bws/Dockerfile --no-cache -t bitwarden/bws . docker run --rm -it bitwarden/bws --help ``` -The Docker image is ran with a non-root user named `app`. If you need to pass your config file to +The Docker image is run with a non-root user named `app`. If you need to pass your config file to the container, you can use the `-v`/`--volume` flag to mount your local `.bws` directory to the default location within the container: @@ -84,5 +84,5 @@ export BWS_CONFIG_FILE="/path/to/config/file" docker run --rm -it -e BWS_CONFIG_FILE="$BWS_CONFIG_FILE" -v "$BWS_CONFIG_FILE":"$BWS_CONFIG_FILE" bitwarden/bws --help ``` -Note that if you want to use identitcal config file paths on your host and in the container, the +Note that if you want to use identical config file paths on your host and in the container, the parent directory must exist on both. From 9633621c3ffeb4fc5f8aea870304929a01d01ebe Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Mon, 5 Feb 2024 20:25:20 -0800 Subject: [PATCH 7/8] shorten Docker readme --- crates/bws/README.md | 34 +++++----------------------------- 1 file changed, 5 insertions(+), 29 deletions(-) diff --git a/crates/bws/README.md b/crates/bws/README.md index 66205882d..dcac663b4 100644 --- a/crates/bws/README.md +++ b/crates/bws/README.md @@ -47,42 +47,18 @@ For more detailed documentation, please refer to the ## Docker -You can also use the `bws` Docker image: - - +We also provide a docker image preloaded with the `bws` cli. ```bash -# From the root of the repository, build the Docker image: -docker build -f crates/bws/Dockerfile --no-cache -t bitwarden/bws . +# From the root of the repository +docker build -f crates/bws/Dockerfile -t bitwarden/bws . -# Run with Docker: docker run --rm -it bitwarden/bws --help ``` -The Docker image is run with a non-root user named `app`. If you need to pass your config file to -the container, you can use the `-v`/`--volume` flag to mount your local `.bws` directory to the -default location within the container: +To use a configuration file, utilize docker [bind mounting](https://docs.docker.com/storage/bind-mounts/) +to expose it to the container: ```bash docker run --rm -it -v "$HOME"/.bws:/home/app/.bws bitwarden/bws --help ``` - -Alternatively, you can use the `BWS_CONFIG_FILE` environment variable to specify the location of the -config file within the container: - -```bash -docker run --rm -it -e BWS_CONFIG_FILE="/path/to/config/file" -v /path/to/config/file:"$BWS_CONFIG_FILE" bitwarden/bws --help -``` - -Or, more concisely: - -```bash -# Set the BWS_CONFIG_FILE environment variable on your host -export BWS_CONFIG_FILE="/path/to/config/file" - -# Pass the BWS_CONFIG_FILE environment variable to the container -docker run --rm -it -e BWS_CONFIG_FILE="$BWS_CONFIG_FILE" -v "$BWS_CONFIG_FILE":"$BWS_CONFIG_FILE" bitwarden/bws --help -``` - -Note that if you want to use identical config file paths on your host and in the container, the -parent directory must exist on both. From 74ca4bc643b4f70392a9f61cdc0abb4806474d35 Mon Sep 17 00:00:00 2001 From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com> Date: Tue, 6 Feb 2024 04:28:32 +0000 Subject: [PATCH 8/8] run prettier --- crates/bws/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/bws/README.md b/crates/bws/README.md index dcac663b4..cb9c268fb 100644 --- a/crates/bws/README.md +++ b/crates/bws/README.md @@ -56,8 +56,8 @@ docker build -f crates/bws/Dockerfile -t bitwarden/bws . docker run --rm -it bitwarden/bws --help ``` -To use a configuration file, utilize docker [bind mounting](https://docs.docker.com/storage/bind-mounts/) -to expose it to the container: +To use a configuration file, utilize docker +[bind mounting](https://docs.docker.com/storage/bind-mounts/) to expose it to the container: ```bash docker run --rm -it -v "$HOME"/.bws:/home/app/.bws bitwarden/bws --help