bitwarden · tangowithfoxtrot · Feb 20, 2024 · Feb 1, 2024 · Feb 1, 2024 · Feb 1, 2024
@@ -10,6 +10,7 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ### Changed
 
 - Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`.
+- Add a `BWS_CONFIG_FILE` environment variable to specify the location of the config file (#571)
 
 ## [0.4.0] - 2023-12-21
 

diff --git a/crates/bws/Dockerfile b/crates/bws/Dockerfile
@@ -30,5 +30,12 @@ WORKDIR /usr/local/bin
 COPY --from=build /app/target/release/bws .
 COPY --from=build /etc/ssl/certs /etc/ssl/certs
 
-ENTRYPOINT ["bws"]
+# Create a non-root user
+RUN useradd -ms /bin/bash app
+
+# Switch to the non-root user
+USER app
 
+WORKDIR /home/app
+
+ENTRYPOINT ["bws"]
@@ -44,3 +44,45 @@ echo 'source <(/path/to/bws completions bash)' >> ~/.bashrc
 
 For more detailed documentation, please refer to the
 [Secrets Manager CLI help article](https://bitwarden.com/help/secrets-manager-cli/).
+
+## Docker
+
+You can also use the `bws` Docker image:
+
+<!-- TODO: remove the build step once the Docker image is published to the Docker Hub -->
+
+```bash
+# From the root of the repository, build the Docker image:
+docker build -f crates/bws/Dockerfile --no-cache -t bitwarden/bws .
+
+# Run with Docker:
+docker run --rm -it bitwarden/bws --help
+```
+
+The Docker image is run with a non-root user named `app`. If you need to pass your config file to
+the container, you can use the `-v`/`--volume` flag to mount your local `.bws` directory to the
+default location within the container:
+
+```bash
+docker run --rm -it -v "$HOME"/.bws:/home/app/.bws bitwarden/bws --help
+```
+
+Alternatively, you can use the `BWS_CONFIG_FILE` environment variable to specify the location of the
+config file within the container:
+
+```bash
+docker run --rm -it -e BWS_CONFIG_FILE="/path/to/config/file" -v /path/to/config/file:"$BWS_CONFIG_FILE" bitwarden/bws --help
+```
+
+Or, more concisely:
+
+```bash
+# Set the BWS_CONFIG_FILE environment variable on your host
+export BWS_CONFIG_FILE="/path/to/config/file"
+
+# Pass the BWS_CONFIG_FILE environment variable to the container
+docker run --rm -it -e BWS_CONFIG_FILE="$BWS_CONFIG_FILE" -v "$BWS_CONFIG_FILE":"$BWS_CONFIG_FILE" bitwarden/bws --help
+```
+
+Note that if you want to use identical config file paths on your host and in the container, the
+parent directory must exist on both.
@@ -47,6 +47,7 @@ struct Cli {
         short = 'f',
         long,
         global = true,
+        env = CONFIG_FILE_KEY_VAR_NAME,
         help = format!("[default: ~/{}/{}] Config file to use", config::DIRECTORY, config::FILENAME)
     )]
     config_file: Option<PathBuf>,
@@ -228,6 +229,7 @@ async fn main() -> Result<()> {
 }
 
 const ACCESS_TOKEN_KEY_VAR_NAME: &str = "BWS_ACCESS_TOKEN";
+const CONFIG_FILE_KEY_VAR_NAME: &str = "BWS_CONFIG_FILE";
 const PROFILE_KEY_VAR_NAME: &str = "BWS_PROFILE";
 const SERVER_URL_KEY_VAR_NAME: &str = "BWS_SERVER_URL";