KNEL/KNELSecretsManager
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d245525aa0
KNELSecretsManager/prod.sh

144 lines
3.8 KiB
Bash
Raw Normal View History

moving toward a more robust implementation with help from chatgpt
2024-12-04 22:52:23 +00:00
#!/usr/bin/env bash
# shellcheck disable=SC1090
# Bash3 Boilerplate Setup
set -o errexit
set -o nounset
set -o pipefail
IFS=$'\n\t'
# Constants
readonly SCRIPT_NAME=$(basename "$0")
readonly SCRIPT_VERSION="1.0"
readonly SCRIPT_AUTHOR="Charles N Wyble"
readonly SCRIPT_DESC="TSYS Secrets Manager - Fetch secrets using the Bitwarden CLI"
# Configuration
readonly BW_SERVER_URL="https://pwvault.turnsys.com" # Updated Bitwarden server URL
# Logging and Debugging
readonly LOG_FILE="/tmp/${SCRIPT_NAME}.log"
readonly TIMESTAMP=$(date '+%m-%d-%Y %H:%M:%S')
info() { echo "[INFO] [$TIMESTAMP] $*" | tee -a "$LOG_FILE"; }
error() { echo "[ERROR] [$TIMESTAMP] $*" >&2 | tee -a "$LOG_FILE"; }
# Default Exit Codes
readonly ERR_BW_NOT_INSTALLED=10
readonly ERR_BW_SERVER_CONFIG=20
readonly ERR_SESSION_INVALID=30
readonly ERR_SECRET_NOT_FOUND=40
# Cleanup function to unset session environment variable
cleanup() {
info "Cleaning up and unsetting session environment variable."
unset BW_SESSION
}
# Function: Setup Bitwarden server configuration
setup_bitwarden_server() {
info "Configuring Bitwarden server to $BW_SERVER_URL..."
# Set the server URL for Bitwarden CLI
if ! bw config --quiet server "$BW_SERVER_URL"; then
error "Failed to configure Bitwarden server."
exit $ERR_BW_SERVER_CONFIG
fi
info "Bitwarden server configured successfully."
}
# Function: Fetch or initialize Bitwarden session
fetch_bw_session() {
local session_token
# Check if Bitwarden CLI is installed
if ! command -v bw &>/dev/null; then
error "Bitwarden CLI (bw) is not installed or not in PATH. Please install it and try again."
exit $ERR_BW_NOT_INSTALLED
fi
# Check for existing session environment variable and reuse if valid
if [[ -n "${BW_SESSION:-}" ]] && bw unlock --check --session "$BW_SESSION" >/dev/null 2>&1; then
info "Using existing Bitwarden session token."
return
fi
# Unlock the Bitwarden vault and obtain a new session token
info "Unlocking Bitwarden vault..."
bw login --apikey $BW_CLIENTID $BW_CLIENTSECRET
session_token=$(bw unlock --passwordenv TSYS_BW_PASSWORD_REACHABLECEO --raw)
if [[ -z "$session_token" ]]; then
error "Failed to unlock Bitwarden vault. Ensure you're logged in using 'bw login'."
exit $ERR_SESSION_INVALID
fi
export BW_SESSION="$session_token"
info "Session initialized successfully."
}
# Function: Fetch a secret by name
fetch_secret() {
local secret_name="$1"
local secret_value
info "Fetching secret '$secret_name' from Bitwarden..."
if ! secret_value=$(bw get password "$secret_name" --session "$BW_SESSION"); then
error "Failed to retrieve the secret '$secret_name'. Ensure the secret exists in the vault."
exit $ERR_SECRET_NOT_FOUND
fi
if [[ -z "$secret_value" ]]; then
error "Secret '$secret_name' is empty or not found. Check the vault for proper configuration."
exit $ERR_SECRET_NOT_FOUND
fi
}
# Function: Display usage instructions
usage() {
cat <<EOF
$SCRIPT_DESC
Usage:
$SCRIPT_NAME <secret_name>
Options:
-h, --help Display this help message.
Example:
$SCRIPT_NAME tsys_api_key
EOF
}
# Main function
main() {
bw logout || true
source D:/tsys/secrets/bitwarden/data/apikey-bitwarden-reachableceo
local secret_name="$1"
# Setup Bitwarden server and session management
setup_bitwarden_server
fetch_bw_session
# Fetch the specified secret
secret_value=$(fetch_secret "$secret_name")
info "Secret '$secret_name' fetched successfully."
echo "Secret value is: $secret_value"
}
# Trap signals (Ctrl+C, kill, etc.) to ensure cleanup happens
trap cleanup EXIT INT TERM
# Argument parsing
if [[ $# -lt 1 ]] || [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
usage
exit 0
fi
main "$1"
Reference in New Issue Copy Permalink