maxime.fleury/_Assistant_Lead_Tech
1
0
Fork 0
mirror of https://github.com/MaksTinyWorkshop/_Assistant_Lead_Tech synced 2026-04-06 13:31:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(scripts): ajout sync-project — génère le .env projet depuis KeePass

Browse Source
This commit is contained in:
MaksTinyWorkshop
2026-03-26 17:18:01 +01:00
parent e134513146
commit 67d1ba5c7c
2 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/aliases.sh
View File

@@ -34,3 +34,6 @@ alias loadg="source \"\$LEADTECH/scripts/load-global-secrets.sh\""
# Sync service secrets (KeePass → service.env) # Sync service secrets (KeePass → service.env)
alias sync-service="source \"\$LEADTECH/scripts/sync-service-secrets.sh\"" alias sync-service="source \"\$LEADTECH/scripts/sync-service-secrets.sh\""
# Sync project secrets (KeePass → .env du projet courant)
alias sync-project="source \"\$LEADTECH/scripts/sync-project-secrets.sh\""

94
scripts/sync-project-secrets.sh Executable file
View File

@@ -0,0 +1,94 @@
#!/usr/bin/env bash
_sync_project_secrets() {
source "$LEADTECH/scripts/env_paths.sh" || { echo "env_paths.sh introuvable" >&2; return 1; }
if [ ! -f "$SECRETS_KDBX" ]; then
echo "Coffre introuvable : $SECRETS_KDBX" >&2
return 1
fi
if ! command -v keepassxc-cli >/dev/null 2>&1; then
echo "keepassxc-cli introuvable" >&2
return 1
fi
if ! command -v expect >/dev/null 2>&1; then
echo "expect introuvable" >&2
return 1
fi
# Nom du projet = nom du dossier courant
local project_name
project_name="$(basename "$PWD")"
local kdbx_group="Racine/projects/$project_name"
local target_file="$PWD/.env"
echo "Projet détecté : $project_name" >&2
echo "Groupe KeePass : $kdbx_group" >&2
if [ -z "${KDBX_PASSWORD:-}" ]; then
printf "Mot de passe KeePassXC : " >&2
stty -echo
IFS= read -r KDBX_PASSWORD
stty echo
printf '\n' >&2
fi
echo "Sync des secrets projet..." >&2
# Export CSV complet — une seule ouverture du coffre
local csv
csv=$(KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" expect <<'EOF'
log_user 0
set timeout 30
spawn keepassxc-cli export --format csv $env(SECRETS_KDBX)
expect "Saisir le mot de passe pour déverrouiller*"
send -- "$env(KDBX_PASSWORD)\r"
expect eof
catch wait result
puts -nonewline $expect_out(buffer)
exit [lindex $result 3]
EOF
) || {
echo "Impossible d'exporter le coffre." >&2
return 1
}
local rendered_lines=""
local loaded=0
while IFS=',' read -r group title username password rest; do
group="${group//\"/}"
title="${title//\"/}"
password="${password//\"/}"
[[ "$group" != "$kdbx_group" && "$group" != "$kdbx_group/"* ]] && continue
local var_name="$title"
if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then
echo "Nom invalide ignoré : $var_name" >&2
continue
fi
[ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; }
rendered_lines+="$var_name=$password"$'\n'
loaded=$((loaded + 1))
done <<< "$csv"
if [ "$loaded" -eq 0 ]; then
echo "Aucun secret trouvé pour le projet '$project_name' (groupe : $kdbx_group)." >&2
return 1
fi
printf '%s' "$rendered_lines" > "$target_file"
chmod 600 "$target_file"
echo "Secrets écrits dans : $target_file"
echo "Secrets chargés : $loaded"
}
_sync_project_secrets
unset -f _sync_project_secrets