Use bitwarden server to manage credentials (#1806)

Co-authored-by: Muhammed Salih Altun <muhammedsalihaltun@gmail.com>
2025-09-10 06:15:18 +00:00 · 2025-02-20 13:50:41 -08:00 · 2025-02-20 13:50:41 -08:00 · 02a8861d4a
commit 02a8861d4a
parent 902c0ad4ce
11 changed files with 609 additions and 35 deletions
--- a/skyvern/forge/sdk/workflow/context_manager.py
+++ b/skyvern/forge/sdk/workflow/context_manager.py
@ -1,4 +1,3 @@
-import json
 import uuid
 from typing import TYPE_CHECKING, Any, Self

@ -8,10 +7,10 @@ from skyvern.config import settings
 from skyvern.exceptions import (
    BitwardenBaseError,
    CredentialParameterNotFoundError,
-    CredentialParameterParsingError,
    SkyvernException,
    WorkflowRunContextNotInitialized,
 )
+from skyvern.forge import app
 from skyvern.forge.sdk.api.aws import AsyncAWSClient
 from skyvern.forge.sdk.schemas.organizations import Organization
 from skyvern.forge.sdk.schemas.tasks import TaskStatus
@ -78,9 +77,7 @@ class WorkflowRunContext:
            if isinstance(secrete_parameter, AWSSecretParameter):
                await workflow_run_context.register_aws_secret_parameter_value(aws_client, secrete_parameter)
            elif isinstance(secrete_parameter, CredentialParameter):
-                await workflow_run_context.register_credential_parameter_value(
-                    aws_client, secrete_parameter, organization
-                )
+                await workflow_run_context.register_credential_parameter_value(secrete_parameter, organization)
            elif isinstance(secrete_parameter, BitwardenLoginCredentialParameter):
                await workflow_run_context.register_bitwarden_login_credential_parameter_value(
                    aws_client, secrete_parameter, organization
@ -176,30 +173,21 @@ class WorkflowRunContext:

    async def register_credential_parameter_value(
        self,
-        aws_client: AsyncAWSClient,
        parameter: CredentialParameter,
        organization: Organization,
    ) -> None:
        LOG.info(f"Fetching credential parameter value for credential: {parameter.credential_id}")
-        org_secret_values = await aws_client.get_secret(organization.organization_id)
-        if org_secret_values is None:
-            raise CredentialParameterNotFoundError(parameter.credential_id)
-        # Parse the items and extract credentials
-        try:
-            org_secret_values_json = json.loads(org_secret_values)
-
-        except json.JSONDecodeError:
-            raise CredentialParameterParsingError(
-                f"Failed to parse credential JSON. Credential ID: {parameter.credential_id}"
-            )
-
-        credentials = org_secret_values_json.get(parameter.credential_id)
-        if credentials is None:
+        credential_item = await app.DATABASE.get_credential(
+            parameter.credential_id, organization_id=organization.organization_id
+        )
+        if credential_item is None:
            raise CredentialParameterNotFoundError(parameter.credential_id)
+        credential = await BitwardenService.get_credential_item(credential_item.item_id)
+        credential_dict = credential.credential.model_dump()

        self.parameters[parameter.key] = parameter
        self.values[parameter.key] = {}
-        for key, value in credentials.items():
+        for key, value in credential_dict.items():
            random_secret_id = self.generate_random_secret_id()
            secret_id = f"{random_secret_id}_{key}"
            self.secrets[secret_id] = value