Enable key connector selfhost (#1707)

* initial commit * Add code for Key Connector feature * Add help URL to config * Fix folders for key-connector service * Fix paths for key-connector * fixing the env file builder when disabling the key connector * swapping a variable name Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2025-06-30 15:42:48 -05:00 · 2021-11-16 09:52:02 -08:00
parent cdb622d4aa
commit 3a22f91ff5
8 changed files with 70 additions and 0 deletions
--- a/util/Setup/EnvironmentFileBuilder.cs
+++ b/util/Setup/EnvironmentFileBuilder.cs
@ -14,6 +14,7 @@ namespace Bit.Setup
        private IDictionary<string, string> _mssqlValues;
        private IDictionary<string, string> _globalOverrideValues;
        private IDictionary<string, string> _mssqlOverrideValues;
+        private IDictionary<string, string> _keyConnectorOverrideValues;

        public EnvironmentFileBuilder(Context context)
        {
@ -45,6 +46,7 @@ namespace Bit.Setup
            Init();
            LoadExistingValues(_globalOverrideValues, "/bitwarden/env/global.override.env");
            LoadExistingValues(_mssqlOverrideValues, "/bitwarden/env/mssql.override.env");
+            LoadExistingValues(_keyConnectorOverrideValues, "/bitwarden/env/key-connector.override.env");

            if (_context.Config.PushNotifications &&
                _globalOverrideValues.ContainsKey("globalSettings__pushRelayBaseUri") &&
@ -107,6 +109,18 @@ namespace Bit.Setup
            {
                ["SA_PASSWORD"] = dbPassword,
            };
+
+            _keyConnectorOverrideValues = new Dictionary<string, string>
+            {
+                ["keyConnectorSettings__webVaultUri"] = _context.Config.Url,
+                ["keyConnectorSettings__identityServerUri"] = "http://identity:5000",
+                ["keyConnectorSettings__database__provider"] = "json",
+                ["keyConnectorSettings__database__jsonFilePath"] = "/etc/bitwarden/key-connector/data.json",
+                ["keyConnectorSettings__rsaKey__provider"] = "certificate",
+                ["keyConnectorSettings__certificate__provider"] = "filesystem",
+                ["keyConnectorSettings__certificate__filesystemPath"] = "/etc/bitwarden/key-connector/bwkc.pfx",
+                ["keyConnectorSettings__certificate__filesystemPassword"] = Helpers.SecureRandomString(32, alpha: true, numeric: true),
+            };
        }

        private void LoadExistingValues(IDictionary<string, string> _values, string file)
@ -179,6 +193,16 @@ namespace Bit.Setup
            }
            Helpers.Exec("chmod 600 /bitwarden/env/mssql.override.env");

+            if (_context.Config.EnableKeyConnector)
+            {
+                using (var sw = File.CreateText("/bitwarden/env/key-connector.override.env"))
+                {
+                    sw.Write(template(new TemplateModel(_keyConnectorOverrideValues)));
+                }
+
+                Helpers.Exec("chmod 600 /bitwarden/env/key-connector.override.env");
+            }
+
            // Empty uid env file. Only used on Linux hosts.
            if (!File.Exists("/bitwarden/env/uid.env"))
            {