dotfiles/bin/pw

#!/bin/bash
set -euo pipefail

purge=0
ttl=${PW_TTL:-259200}

usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; }

while getopts ":ft:" o; do
  case "${o}" in
    f)
      purge=1
      ;;
    t)
      ttl=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done
shift $((OPTIND-1))

var="$1"
shift

if [ -z "${var}" ]; then
    usage
fi

key="pw.${var}"
if [ "${purge}" == "1" ]; then
  keyctl purge user "${key}" >>/dev/null 2>&1 || true
fi
out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")
key_id=$(keyctl request user "${key}" 2>/dev/null)
keyctl timeout "$key_id" "$ttl"
printf "%s" "$out"
pw: replace pwenv with a script that just outputs a secret to stdout, for flexibility 2022-08-31 10:47:18 +02:00			`#!/bin/bash`
			`set -euo pipefail`

			`purge=0`
			`ttl=${PW_TTL:-259200}`

			`usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; }`

			`while getopts ":ft:" o; do`
			`case "${o}" in`
			`f)`
			`purge=1`
			`;;`
			`t)`
			`ttl=${OPTARG}`
			`;;`
			`*)`
			`usage`
			`;;`
			`esac`
			`done`
			`shift $((OPTIND-1))`

			`var="$1"`
			`shift`

			`if [ -z "${var}" ]; then`
			`usage`
			`fi`

			`key="pw.${var}"`
			`if [ "${purge}" == "1" ]; then`
			`keyctl purge user "${key}" >>/dev/null 2>&1 \|\| true`
			`fi`
			`out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")`
			`key_id=$(keyctl request user "${key}" 2>/dev/null)`
			`keyctl timeout "$key_id" "$ttl"`
			`printf "%s" "$out"`