feat: Complete rewrite of secrets management with production-ready bash script

Major enhancements:
- New secrets-manager.sh script with comprehensive functionality
- Automated Bitwarden CLI installation (snap/npm/direct download)
- Configuration file management with sample template
- Multiple commands: install, get, list, test
- Robust error handling with specific exit codes
- Comprehensive logging and session cleanup
- Security improvements: proper gitignore, credential protection

Documentation:
- Complete README rewrite with detailed usage examples
- Installation instructions and troubleshooting guide
- Command reference and error code documentation
- Security considerations and best practices

Files added:
- secrets-manager.sh: Main production script (replaces poc.sh approach)
- bitwarden-config.conf.sample: Configuration template
- .gitignore: Protects credentials and temporary files

This version combines lessons learned from poc.sh and prod.sh attempts,
providing a single, reliable solution for Bitwarden CLI management on Linux.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

README.md

@@ -1,3 +1,167 @@
-# TSYSSecretsManager
+# TSYS Secrets Manager
 
-Managing secrets at TSYS using bitwarden/envwarden/our own glue code.
+A comprehensive bash script solution for managing secrets at TSYS using the Bitwarden CLI. This tool provides automated installation, configuration, and secure secret retrieval from your Bitwarden vault.
+
+## Features
+
+- **Automated Installation**: Automatically detects and installs Bitwarden CLI via multiple methods (snap, npm, direct download)
+- **Configuration Management**: Uses secure configuration files for server and authentication details
+- **Multiple Commands**: Support for installation, secret retrieval, listing, and testing
+- **Robust Error Handling**: Comprehensive error codes and detailed logging
+- **Security-First**: Proper session management, cleanup, and credential handling
+- **Cross-Platform**: Designed for Linux environments with multiple installation fallbacks
+
+## Quick Start
+
+1. **Clone and Setup**:
+   ```bash
+   git clone <repository-url>
+   cd KNELSecretsManager
+   chmod +x secrets-manager.sh
+   ```
+
+2. **Create Configuration**:
+   ```bash
+   cp bitwarden-config.conf.sample bitwarden-config.conf
+   # Edit bitwarden-config.conf with your actual Bitwarden credentials
+   ```
+
+3. **Install Bitwarden CLI** (if not already installed):
+   ```bash
+   ./secrets-manager.sh install
+   ```
+
+4. **Test Your Setup**:
+   ```bash
+   ./secrets-manager.sh test
+   ```
+
+5. **Retrieve Secrets**:
+   ```bash
+   ./secrets-manager.sh get APIKEY-pushover
+   ```
+
+## Configuration
+
+Create a `bitwarden-config.conf` file based on the provided sample:
+
+```bash
+# Bitwarden server URL
+BW_SERVER_URL="https://pwvault.turnsys.com"
+
+# API credentials (from Bitwarden account settings)
+BW_CLIENTID="your_client_id_here"
+BW_CLIENTSECRET="your_client_secret_here"
+
+# Master password
+BW_PASSWORD="your_master_password_here"
+```
+
+**Security Note**: The actual configuration file is automatically ignored by git to prevent credential exposure.
+
+## Usage
+
+### Command Reference
+
+```bash
+./secrets-manager.sh [OPTIONS] COMMAND [ARGS]
+```
+
+#### Commands
+
+- **`install`** - Install Bitwarden CLI
+- **`get <secret_name>`** - Retrieve a specific secret
+- **`list`** - List all available secrets in your vault
+- **`test`** - Test configuration and connectivity
+
+#### Options
+
+- **`-c, --config FILE`** - Use specific config file (default: `./bitwarden-config.conf`)
+- **`-h, --help`** - Show help message
+- **`-v, --version`** - Show version information
+
+### Examples
+
+```bash
+# Install Bitwarden CLI
+./secrets-manager.sh install
+
+# Test your configuration
+./secrets-manager.sh test
+
+# Get a specific secret
+./secrets-manager.sh get APIKEY-pushover
+
+# List all available secrets
+./secrets-manager.sh list
+
+# Use a custom config file
+./secrets-manager.sh --config /path/to/custom.conf get my-secret
+```
+
+### Using in Scripts
+
+```bash
+#!/bin/bash
+# Example: Load API key into environment variable
+export PUSHOVER_API="$(./secrets-manager.sh get APIKEY-pushover)"
+
+# Use the secret in your application
+curl -X POST "https://api.pushover.net/1/messages.json" \
+  -d "token=$PUSHOVER_API" \
+  -d "user=your_user_key" \
+  -d "message=Hello from TSYS!"
+```
+
+## Installation Methods
+
+The script automatically tries multiple installation methods in order:
+
+1. **Snap Package** (if snapd is available)
+2. **NPM Global Package** (if npm is available)
+3. **Direct Binary Download** (fallback method)
+
+## Error Codes
+
+| Code | Description |
+|------|-------------|
+| 10   | Configuration file not found |
+| 20   | Bitwarden CLI not installed |
+| 30   | Bitwarden CLI installation failed |
+| 40   | Server configuration failed |
+| 50   | Session/unlock failed |
+| 60   | Secret not found |
+| 70   | Login failed |
+
+## Logging
+
+All operations are logged to `/tmp/secrets-manager.sh.log` for debugging and audit purposes.
+
+## Security Considerations
+
+- Configuration files containing credentials are automatically gitignored
+- Session tokens are properly cleaned up on script exit
+- Master passwords are handled securely without shell history exposure
+- All sensitive operations include proper error handling
+
+## Legacy Scripts
+
+This repository also contains previous implementations:
+
+- **`poc.sh`** - Original proof of concept
+- **`prod.sh`** - ChatGPT-assisted production attempt
+
+The new `secrets-manager.sh` combines the best features of both while adding robust error handling, installation management, and improved security.
+
+## Contributing
+
+When contributing to this project:
+
+1. Test all changes thoroughly
+2. Update documentation as needed
+3. Follow existing code style and conventions
+4. Ensure security best practices are maintained
+
+## License
+
+See [LICENSE](LICENSE) file for details.