From 370744986c2bcbac2aad9bb2a47897012e0e4a31 Mon Sep 17 00:00:00 2001
From: Daniel Lundin
Date: Wed, 31 Aug 2022 12:00:41 +0200
Subject: [PATCH] pw: clean up and write some docs
---
 bin/pw | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/bin/pw b/bin/pw
index 815162d..642ad2a 100755
--- a/bin/pw
+++ b/bin/pw
@@ -1,10 +1,18 @@
 #!/bin/bash
-set -euo pipefail
+#
+# Author: Daniel Lundin
+#
+# Convenience script to hide sensitive variables on the command line.
+# Uses keyctl to store secrets in the keyring.
+#
+# Example usage: mycommand --user=foo --password=$(pw mypass)
+
+set -eo pipefail
 purge=0
 ttl=${PW_TTL:-259200}
-usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; }
+usage() { echo "Usage: $0 [-t SECONDS] [-f] SECRET_NAME" 1>&2; exit 1; }
 while getopts ":ft:" o; do
 case "${o}" in
@@ -22,18 +30,17 @@ done
 shift $((OPTIND-1))
 var="$1"
-shift
-
-if [ -z "${var}" ]; then
- usage
-fi
+shift || usage
+[ -z "$1" ] || usage
 key="pw.${var}"
+
 if [ "${purge}" == "1" ]; then
 keyctl purge user "${key}" >>/dev/null 2>&1 || true
 fi
+
 out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")
 key_id=$(keyctl request user "${key}" 2>/dev/null)
 keyctl timeout "$key_id" "$ttl"
-printf "%s" "$out"
+printf "%s" "$out"
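Review bot: The new header comment says the script hides sensitive values on the command line, but the documented usage `--password=$(pw mypass)` does not do that for the target process. The shell expands the substitution before exec, so the secret lands in mycommand's argument vector, which on a default Linux setup other local users can read through `ps` or `/proc/<pid>/cmdline`. What the pattern does keep the secret out of is shell history and the typed command text. I would say so in the header, for example `# Note: the expanded secret is still visible in the target command's argv; prefer stdin or an environment variable where the command supports it.`, and also document that the cached entry lives for `PW_TTL` seconds (default 259200).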
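Review bot: The rewritten argument check in the second hunk no longer rejects an empty name. `pw ""` passes both `shift || usage` and `[ -z "$1" ] || usage`, so `key` becomes `pw.`, a case the removed `[ -z "${var}" ]` test refused. These two lines also only work because the first hunk drops `-u` from `set -euo pipefail`, which turns off unset-variable checking for the rest of the script. A single count-based guard placed before `var="$1"`, `[ $# -eq 1 ] && [ -n "$1" ] || usage`, covers the missing, empty and surplus argument cases without expanding an unset `$1`, so `set -euo pipefail` could stay.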