Bitwarden Secrets Manager setup should support EU/self-hosted server URL

[flashfork]

Hermes v0.14+ includes Bitwarden Secrets Manager support, but the setup flow appears to assume the default US Bitwarden Cloud endpoints.

For organizations on Bitwarden EU Cloud, machine-account access tokens can fail with:

invalid_client

This happens because bws defaults to the US API/identity endpoints unless configured otherwise. The token itself can be valid for the EU environment, but it is rejected by the US identity endpoint.

Working fix:

export BWS_SERVER_URL=https://vault.bitwarden.eu
hermes secrets bitwarden setup

Expected behavior:

• hermes secrets bitwarden setup should ask for Bitwarden region/server:
  • US Cloud
  • EU Cloud
  • Self-hosted/custom
• Or Hermes should expose a config key such as:

secrets:
  bitwarden:
    server_url: https://vault.bitwarden.eu

and pass that through to the bws subprocess environment.

Actual behavior:

• Setup appears to assume US endpoints.
• EU Cloud users receive invalid_client, which looks like a bad token even though the token is valid for the EU environment.

Environment:

• Bitwarden Secrets Manager CLI: bws 2.0.0
• Bitwarden organization hosted on EU Cloud: https://vault.bitwarden.eu
• Hermes setup using Bitwarden Secrets Manager

Why this matters:

This makes the new Bitwarden integration harder to adopt for EU users and encourages continued .env usage, which the feature is supposed to reduce.