Add Bitwarden credential manager

[alberefe]

Implement credential management system with Bitwarden integration. This provides automated secrets retrieval.

This relieves the user from hardcoding credentials in files and also automates the retrieval of api keys from pools in an automated way, optimizing speed when the program needs to rotate through several api keys or credentials to access different services in a row.

The following are the contents of the PR:

• Add Bitwarden manager (bw_manager.py)
• Custom exception handling
• Utility functions
• Test coverage for Bitwarden functionality

[alberefe]

I pushed some changes cause some format issues in the code.

[sduenas]

Thanks again for your PR. I think it will be nice to integrate this. Please check my comments and remove all references to other managers not yet supported (AWS, Hashicorp).

[sduenas]

Please check my comments.

[alberefe]

Did some more changes and pushed. Testing was not correct after last comment changes.

[alberefe]

So, testing, reading and refactoring I've come to the finding that when we use client_id + client_secret (apikey) for login, then we need the master password for unlocking the vault. That means that we have to add the master password somewhere to the login or creating the object so we can unlock the vault.

This does not happen if we use user-password, in which case the vault unlocks by itself. So I've come to two options:

1. I include the master password in the parameters for creating the BitwardenManager object and use it in unlock function as parameter. In this case, it's just one more argument and would not change it more, but I'm not sure how this would go with big enterprises. In this case, we could go back to use user + password and remove the unlock method so it would simplify the class.
2. I implement BitwardenManager using their secrets manager, which would make the development much easier but would force people using it to have a suscription and wouldn't be free.
3. I can write two implementations each one using one of the ways.

I am going to push changes with option 1, cause we have already put in the parameter list two sensitive strings, so adding one more I don't think would be a problem. Awaiting opinions.

[alberefe]

So it's right now using the master_password as third argument. Rechecked everything and tested. Should be good to go and returns what is shown in the README.

[sduenas]

@jjmerchante can you have a look to this PR?

[jjmerchante]

Overall, it looks good to me. Please review my comments, most are about style.

I don’t like using the master password, but as you said, there isn’t any other way to unlock. I think using API keys is better for authentication, because in some cases you need single sign-on or two-factor authentication, and with API keys, as I understand it, this isn’t required.

Let’s keep this as is for now, we can explore Bitwarden Secrets later.

[alberefe]

Did all the changes and merged the poetry.lock changes too.

I also agree that the master password is not the best solution but could develop a Bitwarden Secrets solution next to this so people can choose which one to use.

[alberefe]

I am not sure how to resolve that poetry.lock conflict without breaking stuff, can I leave this to you? I am still not 100% sure of my git skills.

[jjmerchante]

I am not sure how to resolve that poetry.lock conflict without breaking stuff, can I leave this to you? I am still not 100% sure of my git skills.

The best way is to remove the poetry.lock file and regenerate it instead of trying to resolve the conflicts manually:

rm poetry.lock
poetry update
git add poetry.lock
git commit --amend

Then push with -f to force-push the commit.

If have any issues, let me know and I can update it for you.

[alberefe]

Fixed that missing line and tried to fix the poetry.lock following instructions, but it keeps showing as error. Can you fix it? Would also like to know what's going on, I don't understand.

Thanks a lot for the reviews and I'm around for any other changes.

[jjmerchante]

I was wrong with my previous instructions. Here’s what I actually did in your branch (assuming origin is the chaoss repository):

git rebase origin/master
# Conflict in poetry.lock
rm poetry.lock
poetry update
git add poetry.lock
git status   # No more conflicts
git rebase --continue

[jjmerchante]

LGTM