[User Story] Configure Bitwarden Secrets Manager access in GitHub Actions #30
Description
Story Summary
As a platform maintainer, I want GitHub Actions to authenticate with Bitwarden Secrets Manager, so that secrets can be retrieved securely and non-interactively during CI runs.
As a platform maintainer, I want CI workflows to use bws to retrieve secrets, so that sensitive values are not stored in the repository or logs.
✅ Acceptance Criteria
Define "done" in clear, testable terms (Given/When/Then if applicable).
- Given a CI workflow starts, when
bwsis invoked, then:- Authentication succeeds using a GitHub Actions secret
- Required secrets are retrieved successfully
- Secrets are not printed to logs.
- Secrets are scoped to the dev environment.
📝 Additional Context
- Design: N/A
- Docs: Bitwarden Secrets Manager CLI (
bws) - Related Issues/PRs:
📦 Definition of Ready
- Acceptance criteria defined
- Bitwarden Secrets Manager project is configured
- Story is estimated
- Required secrets are identified
- Priority is clear
✅ Definition of Done
- All acceptance criteria met
- Secrets retrieval works reliably in CI
- Peer-reviewed
- Security posture documented