diff --git a/crates/bws/CHANGELOG.md b/crates/bws/CHANGELOG.md
index d5ba27061..2bb431485 100644
--- a/crates/bws/CHANGELOG.md
+++ b/crates/bws/CHANGELOG.md
@@ -10,6 +10,7 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ### Changed
 - Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`.
+- Add a `BWS_CONFIG_FILE` environment variable to specify the location of the config file (#571)
 ## [0.4.0] - 2023-12-21
diff --git a/crates/bws/Dockerfile b/crates/bws/Dockerfile
index f50a3e7a6..4f16f8e6c 100644
--- a/crates/bws/Dockerfile
+++ b/crates/bws/Dockerfile
@@ -30,5 +30,12 @@ WORKDIR /usr/local/bin
 COPY --from=build /app/target/release/bws .
 COPY --from=build /etc/ssl/certs /etc/ssl/certs
-ENTRYPOINT ["bws"]
+# Create a non-root user
+RUN useradd -ms /bin/bash app
+
+# Switch to the non-root user
+USER app
+WORKDIR /home/app
+
+ENTRYPOINT ["bws"]
diff --git a/crates/bws/README.md b/crates/bws/README.md
index 11ea23814..cb9c268fb 100644
--- a/crates/bws/README.md
+++ b/crates/bws/README.md
@@ -44,3 +44,21 @@ echo 'source <(/path/to/bws completions bash)' >> ~/.bashrc
 For more detailed documentation, please refer to the [Secrets Manager CLI help article](https://bitwarden.com/help/secrets-manager-cli/).
+
+## Docker
+
+We also provide a docker image preloaded with the `bws` cli.
+
+```bash
+# From the root of the repository
+docker build -f crates/bws/Dockerfile -t bitwarden/bws .
+
+docker run --rm -it bitwarden/bws --help
+```
+
+To use a configuration file, utilize docker
+[bind mounting](https://docs.docker.com/storage/bind-mounts/) to expose it to the container:
+
+```bash
+docker run --rm -it -v "$HOME"/.bws:/home/app/.bws bitwarden/bws --help
+```
diff --git a/crates/bws/src/main.rs b/crates/bws/src/main.rs
index e55df5082..cb130b52c 100644
--- a/crates/bws/src/main.rs
+++ b/crates/bws/src/main.rs
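Review bot: In the `crates/bws/Dockerfile` hunk, `RUN useradd -ms /bin/bash app` leaves the UID to whatever the base image allocates next, and `USER app` selects the account by name, so an orchestrator that enforces a run-as-non-root policy cannot verify the user from image metadata alone. Pinning it, for example `RUN useradd --uid 1000 --create-home --shell /usr/sbin/nologin app` followed by `USER 1000`, makes the non-root guarantee checkable and gives the README's `-v "$HOME"/.bws:/home/app/.bws` bind mount a known UID to match file ownership against; an interactive `/bin/bash` login shell is not needed just to run `bws`. The earlier stages of the Dockerfile are outside the hunk, so the base image and whether UID 1000 is free in it are assumptions to confirm.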
@@ -47,6 +47,7 @@ struct Cli {
 short = 'f',
 long,
 global = true,
+ env = CONFIG_FILE_KEY_VAR_NAME,
 help = format!("[default: ~/{}/{}] Config file to use", config::DIRECTORY, config::FILENAME)
 )]
 config_file: Option,
@@ -228,6 +229,7 @@ async fn main() -> Result<()> {
 }
 const ACCESS_TOKEN_KEY_VAR_NAME: &str = "BWS_ACCESS_TOKEN";
+const CONFIG_FILE_KEY_VAR_NAME: &str = "BWS_CONFIG_FILE";
 const PROFILE_KEY_VAR_NAME: &str = "BWS_PROFILE";
 const SERVER_URL_KEY_VAR_NAME: &str = "BWS_SERVER_URL";
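Review bot: The new `env = CONFIG_FILE_KEY_VAR_NAME` attribute on `config_file` lets an inherited `BWS_CONFIG_FILE` pick the settings file with nothing on the command line showing it, and neither hunk documents that precedence. If the config file holds per-profile server URLs (suggested by the neighbouring `BWS_PROFILE` and `BWS_SERVER_URL` constants, not visible here), a stale or injected value in a CI job or container decides which server the access token is presented to. I would add a doc comment on the constant, `/// Env var naming the config file; an explicit --config-file wins, and this wins over the default path.`, and log the resolved path at debug level where the config is loaded. `struct Cli` and `main` both continue outside these hunks, so the load site is not visible.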