# Configure CryptoHub
After you deploy the Bitwarden service in {{ch}}, set up a client endpoint. An endpoint is a device authorized to access the service. Use the Endpoints menu to view and manage these devices. You can also add new endpoints by selecting \[ Add New ]. When prompted, enter the device address and specify the endpoint.

The following sections provide detailed instructions for deploying a client endpoint and installing the client library files.

## Deploy the client endpoint

Perform the following steps to deploy the client endpoint:

1. Go to the Endpoints menu inside the service you deployed.
2. In the Manage Endpoints menu, select \[ Add New ].
3. In the Add Endpoint dialog, enter a name for the endpoint (optional).
4. Leave the {{ch}} hostname set to the auto-populated value.
5. In the Platform drop-down, you must select Linux OpenSSL 3.x 64-bit to match the OpenSSL version installed in the Bitwarden Key Connector container.
6. Select \[ Add Endpoint ].

The browser prompts you to download a zip file containing the {{futurex}} PKCS #11 module and a configuration file pre-configured to connect to your {{ch}} instance. To install the files on the machine where you installed Bitwarden, perform the Configure Bitwarden instructions in the next section.

## Generate RSA key pair

Perform the following tasks to generate an RSA key pair for Bitwarden Key Connector:

1. Create X.509 certificate container and root CA
2. Generate Bitwarden key pair
3. Export Bitwarden certificate
4. Assign a name to the private key
5. Grant Use permission on the private key

You must generate the Bitwarden key pair under a root CA certificate to give it the Encrypt and Decrypt security usage it requires.

### Create a certificate container and CA

Perform the following steps to create an X.509 certificate container and root CA:

1. Go to Administrative Services > PKI Management > Certificate Management.
2. Select \[ Add CA ].
3. In the X.509 Certificate Container creation dialog, configure the following settings:
   - Name: Select Bitwarden
   - Host: Select None
   - Type: Select X.509
   - Owner group: Select the Bitwarden role {{ch}} created for the service
4. Right-click the Bitwarden X.509 certificate container and select Add Certificate > New Certificate.
5. Configure the following Subject DN settings:
   - Preset: Classic
   - Common Name: `root`
6. Configure the following Basic Info settings:
   - Leave the fields set to the default values.
7. Configure the following V3 Extensions settings:
   - Profile: Select Certificate Authority
8. Select \[ OK ].

### Generate key pair

Perform the following steps to generate the Bitwarden key pair:

1. Right-click the root CA certificate and select Add Certificate > New Certificate.
2. Configure the following Subject DN settings:
   - Preset: Classic
   - Common Name: `bitwarden`
3. Configure the following Basic Info settings:
   - Security usage: Encrypt/Decrypt
   - Leave all other fields set to the default values.
4. Configure the following V3 Extensions settings:
   - Profile: TLS Client Certificate
5. Select \[ OK ].

### Export certificate

Perform the following steps to export the Bitwarden certificate:

1. Right-click the Bitwarden certificate and select Export > Certificate(s).
2. Change the encoding to PEM and select \[ Browse ].
3. Specify a filename for web transfer (such as `bitwarden-cert.pem`) and select \[ OK ].
4. Select \[ OK ] to initiate the export.
5. When prompted, save the certificate file.

### Assign a name

Perform the following steps to assign a name to the private key:

1. Go to Administrative Services > Key Management > Key Database.
2. Select \[ Reload ].
3. Right-click the Bitwarden key pair in the Keys section and select Edit.
4. Under Key Settings, enter `bitwarden` in the Name field and select \[ OK ] to save.

### Grant Use permission

Perform the following steps to grant the Use permission on the private key:

1. Go to Administrative Services > Key Management > Key Database.
2. Right-click the Bitwarden key pair and select Permission.
3. Select the Bitwarden role in the drop-down menu and select \[ Add ].
4. Select the permission drop-down option next to the Bitwarden role and select Use.
5. Select \[ Save ].
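
A quick check of the file saved in the export step, as an added example that is not part of the original page or of the vendor's tooling: it confirms the file is PEM-encoded, that the subject and issuer common names are the ones entered in the steps above, that the key is RSA, and that the certificate has not expired. The function names, the `exported.pem` filename and the lower-case CN spellings are assumptions; pass your own values as arguments.

```shell
#!/bin/sh
# Added example (not vendor code): sanity-check the PEM certificate saved in the export step.

# cert_cn subject|issuer FILE -> prints the commonName of that name field.
cert_cn() {
    openssl x509 -in "$2" -noout "-$1" -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_exported_cert FILE [SUBJECT_CN] [ISSUER_CN]
# Defaults are the values entered in the steps above (assumed spelling: lower case).
# Returns 0 if every check passes; prints the first failure and returns 1 otherwise.
check_exported_cert() {
    cec_file=$1; cec_subject=${2:-bitwarden}; cec_issuer=${3:-root}

    # The export dialog must be switched to PEM; a DER export has no PEM header.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cec_file" &&
        openssl x509 -in "$cec_file" -noout 2>/dev/null ||
        { echo "FAIL: not a PEM X.509 certificate"; return 1; }
    [ "$(cert_cn subject "$cec_file")" = "$cec_subject" ] ||
        { echo "FAIL: subject CN is not $cec_subject"; return 1; }
    # The key pair has to be issued under the root CA, not self-signed.
    [ "$(cert_cn issuer "$cec_file")" = "$cec_issuer" ] ||
        { echo "FAIL: issuer CN is not $cec_issuer"; return 1; }
    openssl x509 -in "$cec_file" -noout -text |
        grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "FAIL: public key is not RSA"; return 1; }
    openssl x509 -in "$cec_file" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $cec_file"
}

# Constructed sample input: a throwaway root CA and a leaf signed by it, built
# with software keys so the check can be tried without the exported file.
make_constructed_sample() {
    mcs_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=root" -days 1 \
        -keyout "$mcs_dir/root.key" -out "$mcs_dir/root.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=bitwarden" \
        -keyout "$mcs_dir/leaf.key" -out "$mcs_dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$mcs_dir/leaf.csr" -CA "$mcs_dir/root.pem" \
        -CAkey "$mcs_dir/root.key" -CAcreateserial -days 1 \
        -out "$mcs_dir/exported.pem" 2>/dev/null
}
```

Run `check_exported_cert /path/to/saved-file.pem` on the machine where the certificate was saved; a non-zero exit status means one of the export or certificate settings should be rechecked.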