moving toward a more robust implementation with help from chatgpt

prod.sh

@@ -0,0 +1,143 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC1090
+
+# Bash3 Boilerplate Setup
+set -o errexit
+set -o nounset
+set -o pipefail
+IFS=$'\n\t'
+
+# Constants
+readonly SCRIPT_NAME=$(basename "$0")
+readonly SCRIPT_VERSION="1.0"
+readonly SCRIPT_AUTHOR="Charles N Wyble"
+readonly SCRIPT_DESC="TSYS Secrets Manager - Fetch secrets using the Bitwarden CLI"
+
+# Configuration
+readonly BW_SERVER_URL="https://pwvault.turnsys.com"  # Updated Bitwarden server URL
+
+# Logging and Debugging
+readonly LOG_FILE="/tmp/${SCRIPT_NAME}.log"
+readonly TIMESTAMP=$(date '+%m-%d-%Y %H:%M:%S')
+info() { echo "[INFO] [$TIMESTAMP] $*" | tee -a "$LOG_FILE"; }
+error() { echo "[ERROR] [$TIMESTAMP] $*" >&2 | tee -a "$LOG_FILE"; }
+
+# Default Exit Codes
+readonly ERR_BW_NOT_INSTALLED=10
+readonly ERR_BW_SERVER_CONFIG=20
+readonly ERR_SESSION_INVALID=30
+readonly ERR_SECRET_NOT_FOUND=40
+
+# Cleanup function to unset session environment variable
+cleanup() {
+    info "Cleaning up and unsetting session environment variable."
+    unset BW_SESSION
+}
+
+# Function: Setup Bitwarden server configuration
+setup_bitwarden_server() {
+    info "Configuring Bitwarden server to $BW_SERVER_URL..."
+    # Set the server URL for Bitwarden CLI
+    if ! bw config --quiet server "$BW_SERVER_URL"; then
+        error "Failed to configure Bitwarden server."
+        exit $ERR_BW_SERVER_CONFIG
+    fi
+    info "Bitwarden server configured successfully."
+}
+
+# Function: Fetch or initialize Bitwarden session
+fetch_bw_session() {
+    local session_token
+
+    # Check if Bitwarden CLI is installed
+    if ! command -v bw &>/dev/null; then
+        error "Bitwarden CLI (bw) is not installed or not in PATH. Please install it and try again."
+        exit $ERR_BW_NOT_INSTALLED
+    fi
+
+    # Check for existing session environment variable and reuse if valid
+    if [[ -n "${BW_SESSION:-}" ]] && bw unlock --check --session "$BW_SESSION" >/dev/null 2>&1; then
+        info "Using existing Bitwarden session token."
+        return
+    fi
+
+    # Unlock the Bitwarden vault and obtain a new session token
+    info "Unlocking Bitwarden vault..."
+
+    bw login --apikey $BW_CLIENTID $BW_CLIENTSECRET
+
+    session_token=$(bw unlock --passwordenv TSYS_BW_PASSWORD_REACHABLECEO --raw)
+    if [[ -z "$session_token" ]]; then
+        error "Failed to unlock Bitwarden vault. Ensure you're logged in using 'bw login'."
+        exit $ERR_SESSION_INVALID
+    fi
+
+    export BW_SESSION="$session_token"
+    info "Session initialized successfully."
+}
+
+# Function: Fetch a secret by name
+fetch_secret() {
+    local secret_name="$1"
+    local secret_value
+
+    info "Fetching secret '$secret_name' from Bitwarden..."
+    if ! secret_value=$(bw get password "$secret_name" --session "$BW_SESSION"); then
+        error "Failed to retrieve the secret '$secret_name'. Ensure the secret exists in the vault."
+        exit $ERR_SECRET_NOT_FOUND
+    fi
+
+    if [[ -z "$secret_value" ]]; then
+        error "Secret '$secret_name' is empty or not found. Check the vault for proper configuration."
+        exit $ERR_SECRET_NOT_FOUND
+    fi
+
+}
+
+# Function: Display usage instructions
+usage() {
+    cat <<EOF
+$SCRIPT_DESC
+
+Usage:
+  $SCRIPT_NAME <secret_name>
+
+Options:
+  -h, --help    Display this help message.
+
+Example:
+  $SCRIPT_NAME tsys_api_key
+EOF
+}
+
+# Main function
+main() {
+
+    bw logout || true
+
+    source D:/tsys/secrets/bitwarden/data/apikey-bitwarden-reachableceo
+
+    local secret_name="$1"
+
+    # Setup Bitwarden server and session management
+    setup_bitwarden_server
+    fetch_bw_session
+
+    # Fetch the specified secret
+    secret_value=$(fetch_secret "$secret_name")
+    info "Secret '$secret_name' fetched successfully."
+
+    echo "Secret value is: $secret_value"
+
+}
+
+# Trap signals (Ctrl+C, kill, etc.) to ensure cleanup happens
+trap cleanup EXIT INT TERM
+
+# Argument parsing
+if [[ $# -lt 1 ]] || [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
+    usage
+    exit 0
+fi
+
+main "$1"