bitwarden · tangowithfoxtrot · Feb 20, 2024 · Feb 1, 2024 · Feb 1, 2024 · Feb 1, 2024
@@ -10,6 +10,7 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ### Changed
 
 - Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`.
+- Add a `BWS_CONFIG_FILE` environment variable to specify the location of the config file (#571)
 
 ## [0.4.0] - 2023-12-21
 

diff --git a/crates/bws/Dockerfile b/crates/bws/Dockerfile
@@ -30,5 +30,12 @@ WORKDIR /usr/local/bin
 COPY --from=build /app/target/release/bws .
 COPY --from=build /etc/ssl/certs /etc/ssl/certs
 
-ENTRYPOINT ["bws"]
+# Create a non-root user
+RUN useradd -ms /bin/bash app
+
+# Switch to the non-root user
+USER app
 
+WORKDIR /home/app
+
+ENTRYPOINT ["bws"]
@@ -44,3 +44,21 @@ echo 'source <(/path/to/bws completions bash)' >> ~/.bashrc
 
 For more detailed documentation, please refer to the
 [Secrets Manager CLI help article](https://bitwarden.com/help/secrets-manager-cli/).
+
+## Docker
+
+We also provide a docker image preloaded with the `bws` cli.
+
+```bash
+# From the root of the repository
+docker build -f crates/bws/Dockerfile -t bitwarden/bws .
+
+docker run --rm -it bitwarden/bws --help
+```
+
+To use a configuration file, utilize docker
+[bind mounting](https://docs.docker.com/storage/bind-mounts/) to expose it to the container:
+
+```bash
+docker run --rm -it -v "$HOME"/.bws:/home/app/.bws bitwarden/bws --help
+```
@@ -47,6 +47,7 @@ struct Cli {
         short = 'f',
         long,
         global = true,
+        env = CONFIG_FILE_KEY_VAR_NAME,
         help = format!("[default: ~/{}/{}] Config file to use", config::DIRECTORY, config::FILENAME)
     )]
     config_file: Option<PathBuf>,
@@ -228,6 +229,7 @@ async fn main() -> Result<()> {
 }
 
 const ACCESS_TOKEN_KEY_VAR_NAME: &str = "BWS_ACCESS_TOKEN";
+const CONFIG_FILE_KEY_VAR_NAME: &str = "BWS_CONFIG_FILE";
 const PROFILE_KEY_VAR_NAME: &str = "BWS_PROFILE";
 const SERVER_URL_KEY_VAR_NAME: &str = "BWS_SERVER_URL";