Unable to get secret from Bitwarden Vault: 404 #3847

@shanduur

Describe the bug

Unable to get secret from Bitwarden Vault: 404

{
  "level": "error",
  "ts": 1724857388.6943345,
  "msg": "Reconciler error",
  "controller": "externalsecret",
  "controllerGroup": "external-secrets.io",
  "controllerKind": "ExternalSecret",
  "ExternalSecret": {
    "name": "eso-test",
    "namespace": "default"
  },
  "namespace": "default",
  "name": "eso-test",
  "reconcileID": "cb591eab-1679-4722-b6d5-907ef7b43ec2",
  "error": "error retrieving secret at .data[0], key: REDACTED, err: error getting secret: failed to get secret: failed to perform http request, got response: failed to get secret: API error: Received error message from server: [404 Not Found] <!doctype html><html lang=\"en\" class=\"tw-h-full\"><head><meta charset=\"utf-8\"/><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"/><meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"/><title>Page not found | Bitwarden Web vault</title><meta name=\"description\" content=\"404 Page Not Found\"/><link rel=\"apple-touch-icon\" sizes=\"180x180\" href=\"images/apple-touch-icon.png\"/><link rel=\"icon\" type=\"image/png\" sizes=\"32x32\" href=\"images/favicon-32x32.png\"/><link rel=\"icon\" type=\"image/png\" sizes=\"16x16\" href=\"images/favicon-16x16.png\"/><link rel=\"mask-icon\" href=\"images/safari-pinned-tab.svg\" color=\"#175DDC\"/><link rel=\"manifest\" href=\"70501c97b33df95adb32.json\"/><link href=\"styles.2918e43e96a0711a12f3.css\" rel=\"stylesheet\"></head><body class=\"tw-min-h-screen !tw-min-w-0 tw-text-center tw-bg-background-alt tw-flex tw-flex-col\"><main class=\"tw-max-w-3xl tw-mx-auto tw-mb-8 tw-px-2\"><img src=\"images/logo.svg\" width=\"200px\" class=\"tw-py-16\" alt=\"Bitwarden\"/><h1 class=\"tw-mb-0 tw-h1\">Sorry, this page isn't available.</h1><p class=\"tw-py-9 tw-mb-0\">The link you followed may be broken, or the page may have been removed. Try going back to the previous page or see our <a href=\"https://bitwarden.com/help/\" target=\"_blank\" rel=\"noreferrer\">Help Center</a> for more information.</p><a href=\"/\" class=\"tw-btn-secondary tw-inline-block\">Go to your web vault</a></main><footer class=\"tw-mt-auto tw-h-40 tw-bg-primary-500 tw-flex tw-justify-center tw-items-center\"><i class=\"bwi bwi-shield tw-text-contrast tw-text-4xl\"></i></footer><script defer=\"defer\" src=\"styles.31d6cfe0d16ae931b73c.js\"></script></body></html>\n with status code 400",
  "stacktrace": "sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.0/pkg/internal/controller/controller.go:316\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.0/pkg/internal/controller/controller.go:263\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.19.0/pkg/internal/controller/controller.go:224"
}

To Reproduce

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: bitwarden-bootstrap-issuer
  namespace: external-secrets
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bitwarden-bootstrap-certificate
  namespace: external-secrets
spec:
  commonName: cert-manager-bitwarden-tls
  isCA: true
  secretName: bitwarden-tls-certs
  subject:
    organizations:
      - external-secrets.io
  dnsNames:
    - external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
    - bitwarden-sdk-server.external-secrets.svc.cluster.local
    - bitwarden-sdk-server.external-secrets
    - bitwarden-sdk-server
    - localhost
  ipAddresses:
    - 127.0.0.1
    - ::1
  privateKey:
    algorithm: RSA
    encoding: PKCS8
    size: 2048
  issuerRef:
    name: bitwarden-bootstrap-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: bitwarden-certificate-issuer
  namespace: external-secrets
spec:
  ca:
    secretName: bitwarden-tls-certs
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bitwarden-tls-certs
  namespace: external-secrets
spec:
  secretName: bitwarden-tls-certs
  dnsNames:
    - external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
    - bitwarden-sdk-server.external-secrets.svc.cluster.local
    - bitwarden-sdk-server.external-secrets
    - bitwarden-sdk-server
    - localhost
  ipAddresses:
    - 127.0.0.1
    - ::1
  privateKey:
    algorithm: RSA
    encoding: PKCS8
    size: 2048
  issuerRef:
    name: bitwarden-certificate-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: bitwarden-secretsmanager
  namespace: external-secrets
spec:
  provider:
    bitwardensecretsmanager:
      apiURL: https://vault.bitwarden.com
      identityURL: https://identity.bitwarden.com
      auth:
        secretRef:
          credentials:
            name: bitwarden
            namespace: kube-system
            key: token
      bitwardenServerSDKURL: https://bitwarden-sdk-server.external-secrets.svc.cluster.local:9998
      caProvider:
        type: Secret
        name: bitwarden-tls-certs
        namespace: external-secrets
        key: ca.crt
      organizationID: "REDACTED"
      projectID: "REDACTED"
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: eso-test
  namespace: default
spec:
  refreshInterval: 10s
  secretStoreRef:
    name: bitwarden-secretsmanager
    kind: ClusterSecretStore
  data:
  - secretKey: test
    remoteRef:
      key: "REDACTED"

Expected behavior
No error, secret added.

Screenshots
N/A

Additional context
Deployed external-secrets and bitwarden according to docs at: https://external-secrets.io/latest/provider/bitwarden-secrets-manager/

Labels: kind/bug
