dln/dotfiles
0
0
Code Issues Pull requests 1 Activity

pw: replace pwenv with a script that just outputs a secret to stdout, for flexibility

Browse source
This commit is contained in:
Daniel Lundin 2022-08-31 10:47:18 +02:00
parent a8c13a639b
commit 3b69577fc5
2 changed files with 39 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
bin/pw Executable file
View file

@ -0,0 +1,39 @@
#!/bin/bash
set -euo pipefail
purge=0
ttl=${PW_TTL:-259200}
usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; }
while getopts ":ft:" o; do
case "${o}" in
f)
purge=1
;;
t)
ttl=${OPTARG}
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
var="$1"
shift
if [ -z "${var}" ]; then
usage
fi
key="pw.${var}"
if [ "${purge}" == "1" ]; then
keyctl purge user "${key}" >>/dev/null 2>&1 || true
fi
out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")
key_id=$(keyctl request user "${key}" 2>/dev/null)
keyctl timeout "$key_id" "$ttl"
printf "%s" "$out"

42
bin/pwenv
View file

@ -1,42 +0,0 @@
#!/bin/bash
set -eu
purge=0
ttl=259200
usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; }
while getopts ":ft:" o; do
case "${o}" in
f)
purge=1
;;
t)
ttl=${OPTARG}
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
var="$1"
shift
if [ -z "${var}" ]; then
usage
fi
function get_password() {
key="pwenv.${var}"
if [ "${purge}" == "1" ]; then
keyctl purge user ${key} 2>&1 >>/dev/null || true
fi
out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")
key_id=$(keyctl request user ${key} 2>/dev/null)
keyctl timeout $key_id $ttl
echo $out
}
exec env ${var}=$(get_password) "$@"