Secrets Manager - Store, Manage, & Deploy Infrastructure Secrets | Bitwarden

3 min read Original article ↗

The problem: Unmanaged plaintext secrets pose serious security risks.

  • Hardcoded credentials in repos

  • Shared .env files in slack or email

  • API keys in CI/CD logs

  • AI agents requesting broad credential access

These practices expose critical credentials, paving the way for a costly data breach.

Put an end to secrets sprawl and centralize secret management in a single, end-to-end encrypted solution.

Stop secrets from leaking into build logs

Inject secrets at runtime into CI/CD pipelines without ever storing them as plaintext environment variables or a hardcoded config.

✓ Ready to use GitHub Actions, GitLab CI/CD, and Jenkins integrations

✓ Machine accounts scoped per pipeline and revoked instantly

✓ Full audit log of every secret access event with timestamp

✓ Zero-knowledge: Bitwarden can't read your secrets

For IT teams looking for a complete enterprise solution, Bitwarden helps your business meet development deadlines while staying secure throughout the whole process.

Audit-ready event logs

Every secret access, user log in, and administrative change is timestamped and logged. Export to CSV or pipe into your SIEM. Ready for your next audit.

Role-based access controls

IT controls who can create projects, manage machine accounts, and access secrets, ensuring compliance with least-privilege access.

SSO, SCIM and directory integrations

Connect Secrets Manager to your existing business tech stack. Automatically provision users with SCIM, enforce SSO log ins, invite developers via your directory provider.

Say goodbye to complex management systems that leave your secrets scattered. The Bitwarden process is easy to configure and deploy.

Store secrets

Set up a project based on service, initiative, or environment. Control who and what can read each project.

Organize by project

Centralize API keys, DB credentials, SSH keys, and certificates in an end-to-end encrypted vault, each assigned to a project.

Issue machine access

Give each machine or agent its own access token scoped to exactly what it needs.

Use secrets

Securely deploy secrets within your development workflows, CI/CD pipelines, and agent processes. 

Python
#!/usr/bin/env python3
import logging
import os

from bitwarden_sdk import BitwardenClient, DeviceType, client_settings_from_dict

identityUrl = os.getenv("BW_IDENTITY_URL")
apiUrl = os.getenv("BW_API_URL")
organizationId = os.getenv("ORGANIZATION_ID")
accessToken = os.getenv("BW_ACCESS_TOKEN")
projectId = os.getenv("BW_PROJECT_ID")

client = BitwardenClient(
	client_settings_from_dict(
    	{
        	"apiUrl": apiUrl,
        	"deviceType": DeviceType.SDK,
        	"identityUrl": identityUrl,
        	"userAgent": "Python",
    	}
	)
)

client.access_token_login(accessToken)

secret = client.secrets().create(
	"Secret Key",
	"Secret Note",
	organizationId,
	"Secret Value",
	[projectId],
)

SDKs

Software development kits (SDKs) empower your development team to build their own custom integrations and operations.

Integrations

Quickly build connections between your various machines, tools, and ecosystems with out-of-the-box integrations.

CLI

The Secrets Manager CLI is the primary method to deploy secrets into applications, agent workflows, and infrastructure.

Get streamlined secrets management. Pick your plan.

Teams

For development teams that need more business capabilities.

All Free features, plus:

  • Unlimited secrets and projects

  • Up to 20 machine accounts

  • Audit activity with event logs

  • Manage access with user groups

Enterprise

SSO, SCIM, self-hosting, and enterprise policies for orgs with compliance requirements.

All Free and Teams features, plus:

  • Up to 50 machine accounts

  • Granular access control

  • Passwordless SSO integration

  • Automate provisioning with SCIM

  • Easy account recovery

  • Flexibility to self-host

Pricing shown in USD and based on an annual subscription. Taxes not included.

For solo developers and small projects.

Already a Bitwarden Password Manager customer?

Get started by adding Secrets Manager to your organization or contact sales for a free trial.

Unlimited Secret Storage

Securely share secrets with users

Machine and AI agent access via machine accounts

Organize secrets via projects

Organization Two-Step Login via Duo

Account Recovery Administration

Ready to get started?

Protect your infrastructure and development pipelines from secret leaks with Bitwarden Secrets Manager.