#!/bin/bash
set -euo pipefail

purge=0
ttl=${PW_TTL:-259200}

usage() { echo "Usage: $0 [-t SECONDS] [-f]" 1>&2; exit 1; }

while getopts ":ft:" o; do
  case "${o}" in
    f)
      purge=1
      ;;
    t)
      ttl=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done
shift $((OPTIND-1))

var="$1"
shift

if [ -z "${var}" ]; then
    usage
fi

key="pw.${var}"
if [ "${purge}" == "1" ]; then
  keyctl purge user "${key}" >>/dev/null 2>&1 || true
fi
out=$(systemd-ask-password --accept-cached --keyname="${key}" "${var}:")
key_id=$(keyctl request user "${key}" 2>/dev/null)
keyctl timeout "$key_id" "$ttl"
printf "%s" "$out"