From cbb4100b4e94ebf723a1bdbeb83b847b556f9f7f Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sat, 18 Nov 2023 03:03:35 +0000
Subject: [PATCH] bitwarden: brought in line with the nixpkgs again.
---
 .../bitwarden/_bitwarden_sync_module.nix | 29 ++++++-------
 applications/bitwarden/bitwarden_sync.nix | 29 ++++++++++---
 secrets/bitwarden/api.age | Bin 899 -> 0 bytes
 secrets/bitwarden/details.age | Bin 981 -> 900 bytes
 secrets/bitwarden/id.age | Bin 0 -> 809 bytes
 secrets/bitwarden/secret.age | 15 +++++++
 secrets/ldap/pw.age | 39 +++++++++---------
 secrets/secrets.nix | 5 ++-
 8 files changed, 74 insertions(+), 43 deletions(-)
 delete mode 100644 secrets/bitwarden/api.age
 create mode 100644 secrets/bitwarden/id.age
 create mode 100644 secrets/bitwarden/secret.age
diff --git a/applications/bitwarden/_bitwarden_sync_module.nix b/applications/bitwarden/_bitwarden_sync_module.nix
index 6a45fb8..7582397 100644
--- a/applications/bitwarden/_bitwarden_sync_module.nix
+++ b/applications/bitwarden/_bitwarden_sync_module.nix
@@ -46,12 +46,6 @@ in {
 description = lib.mdDoc "Folder to store the config file.";
 default = "/etc/bitwarden/bwdc";
 };
-
- pw_env = mkOption {
- type = types.str;
- description = lib.mdDoc "The ENV var that the ldap password is stored.";
- default = "LDAP_PW";
- };
 interval = mkOption {
 type = types.str;
 default = "*:0,15,30,45";
@@ -229,14 +223,20 @@ in {
 };
 };
- env = {
+ secrets = {
 ldap = mkOption rec {
 type = types.str;
 description = "Auth for the LDAP, has value defined in {option}`pw_env";
 };
- bitwarden = mkOption rec {
- type = types.str;
- description = "Auth for Bitwarden, has BW_CLIENTID and BW_CLIENTSECRET";
+ bitwarden = {
+ client_path_id = mkOption rec {
+ type = types.str;
+ description = "Path to file that contains Client ID.";
+ };
+ client_path_secret = mkOption rec {
+ type = types.str;
+ description = "Path to file that contains Client Secret.";
+ };
 };
 };
 };
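Review bot: The `ldap` option's description in the `@@ -229` hunk still says the value is "defined in {option}`pw_env", but the `@@ -46` hunk of the same file deletes the `pw_env` option, and later in this patch `cfg.secrets.ldap` is handed to `--secretfile`, so the option now holds a file path rather than an environment-variable name; the text should read `description = "Path to a file containing the LDAP bind password (passed to bwdc via --secretfile).";`. The `rec` on these `mkOption` attrsets (the existing `ldap` one and the two new `client_path_*` ones) is unnecessary, since nothing inside them refers to a sibling attribute. None of the three has a `default`, which is appropriate for a secret path but is worth stating in the descriptions. The enclosing `options` attrset continues outside the hunk.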
@@ -290,6 +290,8 @@ in {
 ${cfg.package}/bin/${cfg.binary_name} config server ${cfg.domain}
 # now login to set credentials
+ export BW_CLIENTID="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_id})"
+ export BW_CLIENTSECRET="$(< ${escapeShellArg cfg.secrets.bitwarden.client_path_secret})"
 ${cfg.package}/bin/${cfg.binary_name} login
 jq '.authenticatedAccounts[0] as $account
@@ -306,7 +308,7 @@ in {
 # final config
 ${cfg.package}/bin/${cfg.binary_name} config directory 0
- ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretenv ${cfg.pw_env}
+ ${cfg.package}/bin/${cfg.binary_name} config ldap.password --secretfile ${cfg.secrets.ldap}
 '';
 ExecStart = "${cfg.package}/bin/${cfg.binary_name} sync";
@@ -314,11 +316,6 @@ in {
 ExecStartPost = pkgs.writeShellScript "bitwarden_directory_connector-cleanup" ''
 rm -f -- ${escapeShellArg cfg.directory}/data.json
 '';
-
- EnvironmentFile = [
- "${cfg.env.ldap}"
- "${cfg.env.bitwarden}"
- ];
 };
 };
 };
diff --git a/applications/bitwarden/bitwarden_sync.nix b/applications/bitwarden/bitwarden_sync.nix
index 983904c..4136b97 100644
--- a/applications/bitwarden/bitwarden_sync.nix
+++ b/applications/bitwarden/bitwarden_sync.nix
@@ -4,6 +4,7 @@
 lib,
 ...
 }: let
+ user = "bwdc";
 in {
 imports = [
 ./_bitwarden_sync_module.nix
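Review bot: In the `@@ -290` hunk, `$(< file)` expands to an empty string when the secret file is missing or unreadable by the service user, so `login` would run with empty BW_CLIENTID/BW_CLIENTSECRET and the failure would surface as an unrelated login error; guard the reads before the exports, e.g. `[ -r ${escapeShellArg cfg.secrets.bitwarden.client_path_id} ] || { echo "bitwarden client id file is not readable" >&2; exit 1; }` (and the same for the secret), or start the script with `set -euo pipefail` if it does not already. The `@@ -306` hunk passes `${cfg.secrets.ldap}` to `--secretfile` unquoted while the new exports wrap their paths in `escapeShellArg`; `--secretfile ${escapeShellArg cfg.secrets.ldap}` keeps the two consistent. The `$(< …)` form is bash-specific, which is fine if this script is built with `pkgs.writeShellScript` like the cleanup script in the `@@ -314` hunk, but that cannot be confirmed from here. The shell script these lines belong to starts and ends outside the hunk.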
@@ -12,18 +13,31 @@ in {
 options = {};
 config = {
- age.secrets.bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
- age.secrets.bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
+ age.secrets.bitwarden_sync_id = {
+ file = ../../secrets/bitwarden/id.age;
+ owner = user;
+ group = user;
+ };
+ age.secrets.bitwarden_sync_secret = {
+ file = ../../secrets/bitwarden/secret.age;
+ owner = user;
+ group = user;
+ };
+ age.secrets.bitwarden_sync_ldap = {
+ file = ../../secrets/ldap/pw.age;
+ owner = user;
+ group = user;
+ };
 services.bitwarden_directory_connector = {
 enable = true;
+ user = user;
+
 domain = "https://pw.skynet.ie";
 package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};
- pw_env = "LDAP_ADMIN_PW";
-
 ldap = {
 ssl = false;
 startTls = false;
@@ -54,9 +68,12 @@ in {
 groupNameAttribute = "cn";
 };
- env = {
- bitwarden = config.age.secrets.bitwarden_sync_api.path;
+ secrets = {
 ldap = config.age.secrets.bitwarden_sync_ldap.path;
+ bitwarden = {
+ client_path_id = config.age.secrets.bitwarden_sync_id.path;
+ client_path_secret = config.age.secrets.bitwarden_sync_secret.path;
+ };
 };
 };
 };
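Review bot: The three `age.secrets.*` entries in the `@@ -12` hunk repeat `owner = user; group = user;` verbatim; a helper in the `let` block, `mkSecret = file: { inherit file; owner = user; group = user; };`, used as `age.secrets.bitwarden_sync_id = mkSecret ../../secrets/bitwarden/id.age;`, keeps the three in step if the service account ever changes. No `mode` is given, so the decrypted files get agenix's default permission; I believe that is owner-read-only, which is what the connector's `$(< …)` and `--secretfile` reads need, but confirm it rather than rely on it. `user = user;` assumes the imported module exposes an option named `user` and that the `bwdc` account it names exists on the host; neither is visible in this diff. The `config` attrset continues past the second hunk.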
diff --git a/secrets/bitwarden/api.age b/secrets/bitwarden/api.age deleted file mode 100644 index 44e29599d410b7968cf7eb46210a82462fe27f90..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 899 zcmZY4zpLYP003}*+!W;DA&4B_nNzsI+SjB>nnY2|Ymz3-kETi5B-O$EYMLf(e!hI$ z2GIo+az?}>wMilc(ViHmTH$2m9%J~#z&krVVbf2_~H;KRp_!fv?r%Y9zQ+4e9i zqh5nT-Iw61T6M#qPY@^#&(R#H3_Q+jR$v4{w~z>z+-%=QfGtm2uZ zQfmbwT7RLFbIz&&>a`@}Em1o*u${Bn=IfqM>kWnE+q7~_=Ddb$?IMd{X4NMn6UQ6V zl~J@Xn3T{0FClrSiAfA!HhkG`ie;KieJC26QCXRTfy2p;$18m?&YQH;PN_(7t5lS9 z3`?Z78-(0>jZgy`1F*I8ikb$zK@MDT&{49vJ4e9?(IM?Q&@dHuKhI zm(qF_tgLY*2W2tnsD8oo3Y07+`-q~waxV<+!Gb-~K{OKO2NR1AhIncAbzh71b@3lvm~+nWM~a-Rt-A%QID%kMWUuU2bD{GxM}TCUliDh zu-Z&iWzx{1Ho~W_Mb$u%N1bAoy1|_KPt(TN7Tu@}-718^3r&ea%$Vr$4(Ty7(F6P@ zqvkScGYq2IDlhold}eWN7)NW44kWr~3&zkwS=GqWVC`ra)`7sNZ?>$&- zqekLdIfu=n z!MXtr3XnMJ6gq^sr$)**-+ejVJbm+%k4`>(l(#;M;Oed2SGya*n~&VxY;95^bmjl!f$JSW&Yd?Qw@1`OppnMXoO`vH&OL60?arc9i0019jtQK36dE0lo}ldkAfdQ6LH*^Nng#1x2j$u}@Oo$Jc$ zJBfNn!eF!(>N4q=wWCph2f}d0I5_eSGHH@! z8-vT)c1r`E{cuXV!RF6jj-d;y>5G>)2Is9yzjc;RuU%X8{$2Z;KJ(YZ`-#mPe=OM3 zkH2_$=kz?jb?dS9Umi@^Z}zR?#4MN{{piY*FE?I2tBs~tkL(^h@W=;G*|X<%-~aXA zz9-(WHeWw;?W@@{d+mekdv329H=f@9erM6WBNZ@+u=_rDKo?>zYAa7O>3Sz7tYX}-Dj=-rds_rJRZ VTzPBZQm|*??2)y-+a2sq|34pxFB1R& literal 981 zcmZ9`+pF7j003ZQ$|Q_E3^s6k$%Y_XsY%+TX*|bi+NMdGOOqyTk`B*E(=_QNO_TKG z*T$V4@ktQD`QQ`=3PTh`Wx9(uI3Ro2KxHxpV~V06f>&gFJTk?{^A~)d?YVh(>cq?0 zd>Bq24`UBWF(`i=P7*)w_6r1oQE&&F0hxw%))JcmTTlrrFcCa6jEM6wKM^FWL2{r( zOvOfB92iQ0hkzN>8fHKNtSuRYBdap1RhgR8op|KBGL}$g9C5nrE)agFhAUY&^x$b6 zR}HEX`z1c|$JWTuy=KxFH3)YwO!{p_P@Uo|0m?F42o|aC)Cjpx6#?Axcw@QFE<3251Iu;UW)h!driH9ccBW!Er)WH3 zXhmAr9LQ%?Tjm*dQ8Qens-nG;P^uGcrCY{5oM5yI1zG%*uX zq#_OH1c9!OfJityH9n)Ih=vQ2q;X7A0=^#!WsVvejo7D}oSQJ=6fknFii|SGWYGl* z1&F$^%l4olp`a&N?G70gu(Cllv1r(gD{+RajA-=Du9N()bvDwKycfH6;=&PWpIC!D z%pSH-NpEV3Oz|Drn#H|tG2+0$ozGRDFxsw|(Y8#|RF`EL#+~z|z++iiv|98Gmm#D! 
z#H|V!)Px{J=5#LZQCi~V=21=^a3Gs3CMd`-*Rsv(5-_|LkhGEU3f-~&^+C8uAs762 z%je;o-y4lmXOg6Ny)_+!5~ihHTJfz#+#1haF34iHZWEH&522s`+S+~4eEs0jTcd}V z4_1$SXy1JHZFK*t_5G#Q;H&h^o{!bFU5i8R`TT)%m(N~5v2Po`2LJxtuH9FiBR}r> z_M@D3c-Gu@ZXEmK`bP1GPwsuTb?lw3FJF4`iML*OK3co`a~<>H;qwd&;j?eV3(`sPpJ-a~IZdhwf+caHvc@1Jw0t$zXA CgEtq~->r zCKuftF41pbVxohC7xfD``30QRL5<`6zQE6Pou;$3(kjmUXuB7sE|OzV^GX8%uj$yW zP6s0!Di#;xeq*yK2^v9TEv71Ln(xerFiB^*76ej6@S+$jP1iPPt5zatKp1P*5fpY% zj63Qy92va8$ zfK}c$Q?Dun6jqE<+HepukS0XH4`T$tyM%O;AtieQBhNYtBbvR=mLma}cwB1&PH&yD zP2xp^Sz!rAsBnd(p%l3&S_LH@!Tuz+^;D_>%`M6@;O4a4hm?OeV&sB@Y<->-7_(r) zc0?JI@oZ_}wid>-q&+86tc#xBlAgo6ZUb&9ZCJB|{<;Wl*QbK@GFVluav?Fwvh1K* zm&c3|l0MW4Cw2|LvgZrj7|5s7v5r<%3B+&qB!;c{rpEI&w8;TJ36B0~;Zv3{-A) z9l{+7%(4p>Em_1#3FNwg#3D3BXvT|#mWIH(C~QjJsbYOIscitmqdwGZHXCiS-p|sp z56eWAfY9pkbjE81Uh4Ij>$B^f%KBa}k6}@S*wMHCtrvHG9Nhi&;PMH3{QKpTOAjyn zy!PjjbNnoPeDwM2yVZ?X=ih()aJ6{;_TZ`Y`sgxyH|N}o+4a4{ Mdp}OjZk6wU0elY==>Px# literal 0 HcmV?d00001 diff --git a/secrets/bitwarden/secret.age b/secrets/bitwarden/secret.age new file mode 100644 index 0000000..bb4a338 --- /dev/null +++ b/secrets/bitwarden/secret.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA BxPb6d6nlJHiTkbcwOoPrvAPBuR1iJSFAXIp9n23Ix0 +hl0X3RjOEYp2G1QU4SC6CBF5YVlCWiakMsRbGTBYkzs +-> ssh-ed25519 4PzZog Nf/tUysmhTfzaoHhubwdQ5NKZw5SBd3CEs129FGkuio +750oaBtfeBEpDuasZFr7RY5uBzFZZNMNGQkRyFfEGCo +-> ssh-ed25519 5Nd93w fI9TNLWkDkvLCDA8eTMfVw7fRPylWHPGzPupya737xY +wQcz+yf+EqDNmRWqldNuQjjy9tKc1zN//yumtGpGbaM +-> ssh-ed25519 q8eJgg T9Iv+fRwmOLYMXe3ur6dqudA1z2wQsKQX6ogkyQT3Fw +LBYKL2OtLiwq25FkvZjT4H3tu8fOA+KFmFp5vjbncLI +-> ssh-ed25519 IzAMqA O9JfKAlOUao2S14iczlnTzT2sTSAM1vOR5KjO8eJMG0 +ioTSe6X4E6jE4c9Utl2d6EUHZYilnbtRnB5QJg3S3Q4 +-> 6&-grease +BkWorA2LiphyWLmdV3AeKsI +--- +MO1wX7pJf7eq4MkiWSP+xyxThI5jnfseS8jd7LbFoY +WV>dD"`i+ ǸլSмkHOjt*k؏Ԣ9P \ No newline at end of file diff --git a/secrets/ldap/pw.age b/secrets/ldap/pw.age index 7bcc8ba..84ca23d 100644 --- a/secrets/ldap/pw.age +++ b/secrets/ldap/pw.age 
@@ -1,20 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 V1pwNA y4Jn8Hbj1tfjCM5x0uNHYMgFUNDr6KHCcuXoPxlT9RY -tbBvpE6eGiBTpUdIq4qgZ9JRC9RptiqV+b0xghMITgA --> ssh-ed25519 4PzZog e+daH2rT2eant/6TKRpcWs6upAMZ3Xw9SnRWtXo/s0Y -mDvQxqaj2XYnZ0SPMW1CeaWiWBalHt3LsEgHeEwCbQ0 --> ssh-ed25519 5Nd93w AXtyVYaQ2LEIM2rqrh8blQHt51qDfwQ3aiI5RRvgtHo -sSfCow1fkwpYuT2WQhFzuuDqKIrR0wxBrWxOcrPRC3A --> ssh-ed25519 q8eJgg LS2iaiXUINhcAv131p1TftyQOBz/efp1+IV2tUkHwDw -ZW3ktiCi8vTspB6Sc7tq9tSAaDMtyHL5FADXLi9nlxc --> ssh-ed25519 IzAMqA SH4eaJm8kdw6Pf4eIQGsMx3Wg9dRkEjCkjbpSWPxSGE -YKTUSXXyswYkfFUdYB963isQXAEaMefQsNIDwCmwt8o --> ssh-ed25519 uZzB3g W1aPkpNkRJufFmDy+GoWJmwi3a5jp3RWyTiKSPP+2HM -N+njssQYN1tMmfcvYcFHmPR1gYSom3aJkVsTIHUpslg --> ssh-ed25519 Hb0ipQ hvEFVHPzRtX2T8AbEk/rWIf5QGDE2kmQFylFVWzHmG0 -NWwpgmqnIMUDFeHynofn+1GTe2nNWI+YOelmuLC7hhI --> WEEa'-grease \ NIu4o?\m S;\E"U. -SZy71FpmUaUVoMICsdVcYZ1i4zbDmq4+w/fKB/Dkepm5dX3u3kRimmYdOp7S/s8H -3GaZ5oFXeBt3Alj6Vw3UizOZjPwWbyyA/Q ---- ARW6OvhJD/OEtsgEnb3x0bf5xBUYaZ0eZzXfvc5K9rw -H?ɖEUP].)S(͕XN}4o{Ƹw e1!Q3¤tl;dw__(K6F#_nL(%4%eB}K i i,IGQ:\ŽU⍧d>A<4]#` \ No newline at end of file +-> ssh-ed25519 V1pwNA 7xMn5rTcihSdgzDvXVBCbcGX8d428ytwBK0G1TOAMBQ +AYXY36I3DdQc8TJeWknIW8HFRZKXalkwBnJp5J4HjKM +-> ssh-ed25519 4PzZog +V5lAWzv8+NbK3jZZeCc491F2dLcCMqaVbzX14nPcS8 +c6DqiOextznWRSOtsR8KJmyGSJL+Ubx9jHVSeH0w+zs +-> ssh-ed25519 5Nd93w 7JnyPksmvytXPorlyoNPrh8BSsZNCAXXILKlS8F+ogk +iStkE+rT43h0zkgcRehbVTX1wGYZkJj0/zIQilm78Ak +-> ssh-ed25519 q8eJgg 6EGWaxyf1vDSzdvRU4+XEsVEfaj3K6dE/3tt8MA5YAE +CrIad5K2lTWlDh7jLZr+nIWtdWpRYg6HVt0HbhmMaMk +-> ssh-ed25519 IzAMqA eh7mAmV0l35n55rnmMPV6N/MUxrCKT+v7OFKNZlakgU +6cBUHDuHX6/5x84WFIbxlVVtIyx4eiJaGB9TP718u2A +-> ssh-ed25519 uZzB3g RbnBlsD9bSqG2W6RC8eWFhV3hVSx6ItFbH+irxa+uFk +mNGkTJODGb+anzqrWIX53AfUfMBjhZMdRF4ZGmT+bBM +-> ssh-ed25519 Hb0ipQ 9dQNJXGE3uIVPGLi2J/TCVW2xPem/qwKAEq/GPzEl0E +VTQYcZjCUTkom7bloTaIvR+/fA4rNwBUU2YzCUX1sss +-> ssh-ed25519 IzAMqA Q/SCKGBzFVtk2fkXYF4cyWWSdGG8BiSztPLHyr3UnCQ 
+l75JzJC9hRp34yA3cBUkDOupA4UTifxSwVNqb+aWXZk +-> T4-grease & M~o 5A#" =^Z3b: +oI4xOpmGL8b+HPrdKyMomAuW2AfCqCvXxbIv7NSA+nd1dYH/QFuw +--- vSy8f0+j42gCL0K7N8yZlWajUMwKKtGptqKP6ajbW1U +wϑm*tXt.JhAޞ*ӊ叉QhwaZ!6`SXׁpu l9nˋli&Cf֥:v^=$1= gycKk@@Zc#̙d#e_.(68 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 33ecbb3..3cdbeec 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -117,7 +117,7 @@ in { "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; # for ldap - "ldap/pw.age".publicKeys = users ++ ldap; + "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; # for use connectring to teh ldap "ldap/details.age".publicKeys = users ++ ldap ++ discord ++ bitwarden; @@ -139,6 +139,7 @@ in { "wolves/details.age".publicKeys = users ++ ldap ++ discord; # for bitwarden connector - "bitwarden/api.age".publicKeys = users ++ bitwarden; + "bitwarden/id.age".publicKeys = users ++ bitwarden; + "bitwarden/secret.age".publicKeys = users ++ bitwarden; "bitwarden/details.age".publicKeys = users ++ bitwarden; }
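Review bot: After the `@@ -117` hunk adds `bitwarden` to the recipients of `ldap/pw.age`, the re-encrypted file in the preceding `secrets/ldap/pw.age` hunk carries the `IzAMqA` ssh-ed25519 recipient stanza twice, whereas the old file had it once; that points to the same public key appearing in both the `ldap` and `bitwarden` lists. A duplicated recipient does not break decryption, but it is worth checking which it is: if the bitwarden host's key was already in `ldap`, the change grants no new access, and if not, the lists overlap by accident. If `lib` is in scope in this file, `"ldap/pw.age".publicKeys = lib.unique (users ++ ldap ++ bitwarden);` drops the repeated stanza either way. The `let` block defining `users`, `ldap` and `bitwarden` is outside the hunk.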