From 16a9706a7ce9c101b8665abdea92bcb86b1fed15 Mon Sep 17 00:00:00 2001
From: egg <egg95@protonmail.com>
Date: Tue, 23 Sep 2025 20:30:07 -0700
Subject: [PATCH] Allow for custom CA cert path with BITWARDEN_APP_CACERTS env
 var

---
 src/bitwarden_api.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/bitwarden_api.py b/src/bitwarden_api.py
index 6b60390..005461c 100644
--- a/src/bitwarden_api.py
+++ b/src/bitwarden_api.py
@@ -39,16 +39,21 @@ def _join_urls(base: str, *paths: str):
 
 
 def _get_custom_ca_certificate_location() -> Optional[str]:
-    if 'SPLUNK_HOME' not in os.environ:
-        return None
+    app_cacerts_file = os.getenv("BITWARDEN_APP_CACERTS")
 
-    app_cacerts_file = os.path.join(os.environ.get('SPLUNK_HOME'), 'etc', 'auth',
+    if app_cacerts_file and os.path.isfile(app_cacerts_file):
+        return app_cacerts_file
+
+    splunk_home = os.getenv("SPLUNK_HOME")
+
+    if splunk_home:
+        app_cacerts_file = os.path.join(splunk_home, 'etc', 'auth',
                                     'bitwarden_event_logs_cacerts.pem')
-    if not os.path.isfile(app_cacerts_file):
-        return None
 
-    return app_cacerts_file
+        if os.path.isfile(app_cacerts_file):
+            return app_cacerts_file
 
+    return None
 
 class BitwardenApi:
     def __init__(self, api_config: BitwardenApiConfig):