diff --git a/scripts/load-global-secrets.sh b/scripts/load-global-secrets.sh
index 832aabd..eaec94c 100755
--- a/scripts/load-global-secrets.sh
+++ b/scripts/load-global-secrets.sh
@@ -53,7 +53,7 @@ EOF
 title="${title//\"/}"
 password="${password//\"/}"
- [[ "$group" != "Racine/global" && "$group" != "Racine/global/"* ]] && continue
+ [[ "$group" != "global" && "$group" != "global/"* ]] && continue
 local var_name="$title"
 if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then
diff --git a/scripts/sync-project-secrets.sh b/scripts/sync-project-secrets.sh
index 98f2a74..989127c 100755
--- a/scripts/sync-project-secrets.sh
+++ b/scripts/sync-project-secrets.sh
@@ -21,11 +21,11 @@ _sync_project_secrets() {
 # Nom du projet = nom du dossier courant
 local project_name
 project_name="$(basename "$PWD")"
- local kdbx_group="Racine/projects/$project_name"
+ local entry_path="projects/$project_name"
 local target_file="$PWD/.env"
 echo "Projet détecté : $project_name" >&2
- echo "Groupe KeePass : $kdbx_group" >&2
+ echo "Entrée KeePass : $entry_path" >&2
 if [ -z "${KDBX_PASSWORD:-}" ]; then
 printf "Mot de passe KeePassXC : " >&2
@@ -35,14 +35,14 @@ _sync_project_secrets() {
 printf '\n' >&2
 fi
- echo "Sync des secrets projet..." >&2
+ echo "Récupération des secrets projet..." >&2
- # Export CSV complet — une seule ouverture du coffre
- local csv
- csv=$(KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" expect <<'EOF'
+ # Lire le champ Notes de l'entrée — une seule ouverture du coffre
+ local notes
+ notes=$(KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" ENTRY_PATH="$entry_path" expect <<'EOF'
 log_user 0
- set timeout 30
- spawn keepassxc-cli export --format csv $env(SECRETS_KDBX)
+ set timeout 15
+ spawn keepassxc-cli show -a notes $env(SECRETS_KDBX) $env(ENTRY_PATH)
 expect "Saisir le mot de passe pour déverrouiller*"
 send -- "$env(KDBX_PASSWORD)\r"
 expect eof
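Review bot: The new `[[ "$group" != "global" && "$group" != "global/"* ]]` test hard-codes the exact Group column value, so it silently depends on the CSV export no longer prefixing the root group name (`Racine/`); the sync-service-secrets.sh hunk makes the same change for `services`. If a vault or keepassxc-cli version still emits the prefixed form, every row is skipped and nothing is loaded, with no error. A one-line comment above the check would record the assumption, e.g. `# La colonne Group de l'export CSV n'inclut pas le groupe racine : "global" ou "global/..."`. It may also be worth failing when the loop ends with zero entries loaded, if the part of the function outside this hunk does not already do so. The enclosing loop and function start and end outside the hunk.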
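Review bot: The lowered `set timeout 15` also governs the bare `expect eof` at the end of the hunk, and a timeout there is silent: expect falls through to whatever follows, so on a vault whose key derivation takes longer than 15 s the Notes output can be incomplete while the script continues as if the read succeeded. Making the timeout an explicit failure, `expect { eof {} timeout { exit 1 } }`, routes that case into the existing `|| { ... return 1; }` error path. The `expect "Saisir le mot de passe pour déverrouiller*"` pattern is locale-dependent and the password is sent even when it never matches, but that predates this change. How the output is captured after `expect eof` lies outside the hunk, so the exact effect of a truncated read is inferred.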
@@ -51,43 +51,24 @@ _sync_project_secrets() {
 exit [lindex $result 3]
 EOF
 ) || {
- echo "Impossible d'exporter le coffre." >&2
+ echo "Impossible de lire l'entrée '$entry_path'." >&2
 return 1
 }
- local rendered_lines=""
- local loaded=0
-
- while IFS=',' read -r group title username password rest; do
- group="${group//\"/}"
- title="${title//\"/}"
- password="${password//\"/}"
-
- [[ "$group" != "$kdbx_group" && "$group" != "$kdbx_group/"* ]] && continue
-
- local var_name="$title"
- if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then
- echo "Nom invalide ignoré : $var_name" >&2
- continue
- fi
-
- [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; }
-
- rendered_lines+="$var_name=$password"$'\n'
- loaded=$((loaded + 1))
-
- done <<< "$csv"
-
- if [ "$loaded" -eq 0 ]; then
- echo "Aucun secret trouvé pour le projet '$project_name' (groupe : $kdbx_group)." >&2
+ if [ -z "$notes" ]; then
+ echo "Le champ Notes est vide pour '$project_name'." >&2
 return 1
 fi
- printf '%s' "$rendered_lines" > "$target_file"
+ # Écrire le .env
+ printf '%s\n' "$notes" > "$target_file"
 chmod 600 "$target_file"
+ local loaded
+ loaded=$(grep -c '.' "$target_file" || true)
+
 echo "Secrets écrits dans : $target_file"
- echo "Secrets chargés : $loaded"
+ echo "Lignes écrites : $loaded"
 }
 _sync_project_secrets
diff --git a/scripts/sync-service-secrets.sh b/scripts/sync-service-secrets.sh
index 2049bba..4030e57 100755
--- a/scripts/sync-service-secrets.sh
+++ b/scripts/sync-service-secrets.sh
@@ -70,7 +70,7 @@ EOF
 password="${password//\"/}"
 # Filtrer le groupe services
- [[ "$group" != "Racine/services" && "$group" != "Racine/services/"* ]] && continue
+ [[ "$group" != "services" && "$group" != "services/"* ]] && continue
 # Le nom de variable = titre de l'entrée
 local var_name="$title"
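Review bot: The new `printf '%s\n' "$notes" > "$target_file"` writes the entry's Notes field into `.env` verbatim, dropping the per-entry validation the removed loop performed (names matched against `^[A-Z_][A-Z0-9_]*$`, empty values skipped); Notes is free text edited in the vault UI, and a `.env` that is later sourced or parsed as assignments will take whatever is there, so a stray line becomes a parse failure or, under a shell `source`, an executed statement. I would keep a line filter that accepts only `NAME=value`, blank lines and `#` comments, warning on the rest by line number rather than echoing the line, since a rejected line may itself hold a secret value. Separately, the file is created under the default umask and only then `chmod 600`, so wrapping the write in `(umask 077; ...)` removes the window in which it is readable by others; the ordering predates this change but the write line is new. The `grep -c '.' "$target_file" || true` count is unaffected by the filter and still counts comment lines, which is fine if "Lignes écrites" is meant literally.

```shell
    # … unchanged: expect block, "Impossible de lire l'entrée" error path, empty-Notes check …

    # Notes is free text: keep only NAME=value lines (plus blanks and '#'
    # comments) so .env never receives anything it would not assign.
    local rendered_lines="" line
    local lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        if [[ -z "$line" || "$line" == \#* || "$line" =~ ^[A-Z_][A-Z0-9_]*= ]]; then
            rendered_lines+="$line"$'\n'
        else
            # Do not print the line itself: it may contain a secret value.
            echo "Ligne $lineno ignorée (format attendu : NOM=valeur)" >&2
        fi
    done <<< "$notes"

    if [ -z "$rendered_lines" ]; then
        echo "Aucune ligne NOM=valeur dans le champ Notes pour '$project_name'." >&2
        return 1
    fi

    # Create the file already unreadable by others; chmod still covers a pre-existing .env.
    (umask 077; printf '%s' "$rendered_lines" > "$target_file")
    chmod 600 "$target_file"
    # … unchanged: line count and final messages …
```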