2.8 KiB
2.8 KiB
| type | title | summary | tags | scope | date | last_updated | related | source | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| plan | credvault Phase 0 — Vaultwarden org, bot account, and CLI auth setup | Step-by-step plan to prepare the self-hosted Vaultwarden instance for AI credential management — organization, restricted collection, bot account, API-key auth lifecycle, and version/parity audit. |
|
project | 2026-07-09 | 2026-07-09 |
|
ruby-gems |
credvault Phase 0 — Vaultwarden Setup
Preconditions for everything else. Interactive (web vault + email), driven with the human.
Steps
- Version audit: record Vaultwarden server version and
bw --versionon the host that will run credvault. Check instance config forTRASH_AUTO_DELETE_DAYS(default: trash is never auto-purged) andORG_CREATION_USERS/signup settings. - Organization: confirm or create a Vaultwarden Organization owned by the human account.
Create collection
AI Managed Credentials. - Bot account: invite
bot+jaredmswanson@gmail.com(invite lands in the human's Gmail). Set a distinct master password (never reused). Log into web vault once; generate personal API key (Settings → Security → Keys). Confirm the account holds org roleUserwith access to ONLY theAI Managed Credentialscollection, Edit permission. - Known limitation to accept: Vaultwarden Edit permission includes item deletion; no org toggle restricts it. Posture is deter-and-detect: wrapper (no delete command) + plugin hooks + trash/export recovery (see credvault-security-backup-recovery-plan).
- CLI auth proof: on the target host, as the user that will run credvault:
bw config server <url>→bw login --apikey(BW_CLIENTID/BW_CLIENTSECRET) →bw unlock --passwordfile <mode-600 file>→bw sync→ create/read/edit a test item in the collection →bw lock. UseBITWARDENCLI_APPDATA_DIR=~/.config/credvault/bitwarden. - Verify assumptions empirically (feeds the gem's adapter design):
- Does
bw list items --collectionid <id>include custom fields in JSON? (expected: yes, but search does NOT match custom fields — client-side filtering required) - Does editing via
bw editpreserve password history? ("last 5" is client-written; verify) - Does org encrypted-JSON export work under the human account on this version?
- Does
- Record outputs: org ID, collection ID, server URL → these become the gem's trusted
config (
~/.config/credvault/config.yml), never agent-supplied.
Exit criteria
Bot account can create/read/edit (and, acknowledged, delete) items in exactly one collection; cannot see the human's personal vault or other collections; full non-interactive auth cycle proven on the target host; empirical answers to step 6 documented in the repo.