The Luna Household Server manages secrets using BitWarden.

Bitwarden has an unofficial Terraform provider.

Bitwarden can be accessed via CLI and can be connected to via an API key (managed in the BitWarden vault.)

Exposing items in Terraform requires identifying their id property in Bitwarden, not something that is generally available from the UI.

To determine the id of a secret, search for it in the CLI after logging in.

bw list items --search "MyHappySecret" | jq '.[] .id'

This is deployed into the cluster via this project.