dln/dotfiles
0
0
Code Issues Pull requests 1 Activity

pw: clean up and write some docs

Browse source
This commit is contained in:
Daniel Lundin 2022-08-31 12:00:41 +02:00
parent 3b69577fc5
commit 370744986c
1 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
bin/pw
View file

@ -1,10 +1,18 @@
#!/bin/bash #!/bin/bash
set -euo pipefail #
# Author: Daniel Lundin <dln@arity.se>
#
# Convenience script to hide sensitive variables on the command line.
# Uses keyctl to store secrets in the keyring.
#
# Example usage: mycommand --user=foo --password=$(pw mypass)
set -eo pipefail
purge=0 purge=0
ttl=${PW_TTL:-259200} ttl=${PW_TTL:-259200}
usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; } usage() { echo "Usage: $0 [-t SECONDS] [-f] SECRET_NAME" 1>&2; exit 1; }
while getopts ":ft:" o; do while getopts ":ft:" o; do
case "${o}" in case "${o}" in
@ -22,18 +30,17 @@ done
shift $((OPTIND-1)) shift $((OPTIND-1))
var="$1" var="$1"
shift shift || usage
[ -z "$1" ] || usage
if [ -z "${var}" ]; then
usage
fi
key="pw.${var}" key="pw.${var}"
if [ "${purge}" == "1" ]; then if [ "${purge}" == "1" ]; then
keyctl purge user "${key}" >>/dev/null 2>&1 || true keyctl purge user "${key}" >>/dev/null 2>&1 || true
fi fi
out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:") out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")
key_id=$(keyctl request user "${key}" 2>/dev/null) key_id=$(keyctl request user "${key}" 2>/dev/null)
keyctl timeout "$key_id" "$ttl" keyctl timeout "$key_id" "$ttl"
printf "%s" "$out"
printf "%s" "$out"