diff --git a/bin/bw-login b/bin/bw-login new file mode 100755 index 0000000..4c55805 --- /dev/null +++ b/bin/bw-login @@ -0,0 +1,3 @@ +#!/bin/bash +bw-ssh-add id_rsa id_rsa_embark + diff --git a/bin/bw-ssh-add b/bin/bw-ssh-add new file mode 100755 index 0000000..112a270 --- /dev/null +++ b/bin/bw-ssh-add @@ -0,0 +1,55 @@ +#!/bin/bash +set -eu + +AUTO_LOCK=900 +BW_SESSION= + +exit_error() { + echo "$2" + exit "$1" +} + +ask_password() { + systemd-ask-password --keyname=bw_master --accept-cached --timeout=10 "Master Password: " \ + | bw unlock --raw 2>/dev/null || exit_error $? "Could not unlock vault" +} + +get_session_key() { + if [ $AUTO_LOCK -eq 0 ]; then + keyctl purge user bw_session &>/dev/null + BW_SESSION=$(ask_password) + else + if ! key_id=$(keyctl request user bw_session 2>/dev/null); then + session=$(ask_password) + [[ -z "$session" ]] && exit_error 1 "Could not unlock vault" + key_id=$(echo "$session" | keyctl padd user bw_session @u) + fi + + keyctl timeout "$key_id" $AUTO_LOCK + BW_SESSION=$(keyctl pipe "$key_id") + fi +} + +get_session_key + +folder=$(bw list folders --session ${BW_SESSION} --search ssh | jq -r '.[].id') +items=$(bw list items --session ${BW_SESSION} --folderid ${folder}) + +keys="$@" +if [[ -z "$keys" ]]; then + keys=$(jq -r '.[].name' <<< $items | fzf -1 -0) +fi + +for key in $keys; do + _tmp=$(mktemp -d) + cd $_tmp + mkdir -p $(dirname $key) + ln -s /dev/stdin $key + + function cleanup { + rm -rf $_tmp + } + trap cleanup EXIT + + jq -r ".[] | select(.name == \"${key}\") | .notes" <<< $items | ssh-add $key +done