maxime.fleury/_Assistant_Lead_Tech
1
0
Fork 0
mirror of https://github.com/MaksTinyWorkshop/_Assistant_Lead_Tech synced 2026-04-06 13:31:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(scripts): supprimer expect — passer le mdp via stdin à keepassxc-cli

Browse Source
This commit is contained in:
MaksTinyWorkshop
2026-03-26 18:52:36 +01:00
parent 8aab830b15
commit 8ecc8db217
2 changed files with 12 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/load-global-secrets.sh
View File

@@ -13,11 +13,6 @@ _load_global_secrets() {
return 1 return 1
fi fi
if ! command -v expect >/dev/null 2>&1; then
echo "expect introuvable" >&2
return 1
fi
if [ -z "${KDBX_PASSWORD:-}" ]; then if [ -z "${KDBX_PASSWORD:-}" ]; then
printf "Mot de passe KeePassXC : " >&2 printf "Mot de passe KeePassXC : " >&2
stty -echo stty -echo
@@ -28,39 +23,21 @@ _load_global_secrets() {
echo "Chargement des secrets globaux..." >&2 echo "Chargement des secrets globaux..." >&2
# Export CSV complet — log_file capture tout dès le début du spawn
local tmpfile
tmpfile=$(mktemp)
KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" TMPFILE="$tmpfile" expect <<'EOF'
log_user 0
log_file -noappend $env(TMPFILE)
set timeout 30
spawn keepassxc-cli export --format csv $env(SECRETS_KDBX)
expect "Saisir le mot de passe pour déverrouiller*"
send -- "$env(KDBX_PASSWORD)\r"
expect eof
catch wait result
exit [lindex $result 3]
EOF
local rc=$?
local csv local csv
csv=$(cat "$tmpfile") csv=$(printf '%s\n' "$KDBX_PASSWORD" | keepassxc-cli export --format csv "$SECRETS_KDBX" 2>/dev/null) || {
rm -f "$tmpfile" echo "Impossible d'exporter le coffre." >&2
[ $rc -ne 0 ] && { echo "Impossible d'exporter le coffre." >&2; return 1; } return 1
}
# Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs
# On cherche la ligne d'en-tête CSV pour ignorer le bruit du buffer expect
local pairs local pairs
pairs=$(printf '%s' "$csv" | python3 -c " pairs=$(printf '%s' "$csv" | python3 -c "
import sys, csv, re, io import sys, csv, re, io
raw = sys.stdin.read() raw = sys.stdin.read()
# Trouver la ligne d'en-tête CSV
start = raw.find('\"Group\"') start = raw.find('\"Group\"')
if start == -1: if start == -1:
sys.exit(0) sys.exit(0)
clean = raw[start:] reader = csv.DictReader(io.StringIO(raw[start:]))
reader = csv.DictReader(io.StringIO(clean))
for row in reader: for row in reader:
group = row.get('Group', '') group = row.get('Group', '')
title = row.get('Title', '') title = row.get('Title', '')

42
scripts/sync-service-secrets.sh
View File

@@ -13,18 +13,7 @@ _sync_service_secrets() {
return 1 return 1
fi fi
if ! command -v expect >/dev/null 2>&1; then local target_file="$HOME/.config/auto-secrets/service.env"
echo "expect introuvable" >&2
return 1
fi
local target_file
case "$(uname -s)" in
Darwin) target_file="$HOME/.config/auto-secrets/service.env" ;;
Linux) target_file="$HOME/.config/auto-secrets/service.env" ;;
*) echo "OS non supporté" >&2; return 1 ;;
esac
mkdir -p "$(dirname "$target_file")" mkdir -p "$(dirname "$target_file")"
touch "$target_file" touch "$target_file"
chmod 600 "$target_file" chmod 600 "$target_file"
@@ -39,28 +28,12 @@ _sync_service_secrets() {
echo "Sync des secrets de service..." >&2 echo "Sync des secrets de service..." >&2
# Export CSV complet — log_file capture tout dès le début du spawn
local tmpfile
tmpfile=$(mktemp)
KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" TMPFILE="$tmpfile" expect <<'EOF'
log_user 0
log_file -noappend $env(TMPFILE)
set timeout 30
spawn keepassxc-cli export --format csv $env(SECRETS_KDBX)
expect "Saisir le mot de passe pour déverrouiller*"
send -- "$env(KDBX_PASSWORD)\r"
expect eof
catch wait result
exit [lindex $result 3]
EOF
local rc=$?
local csv local csv
csv=$(cat "$tmpfile") csv=$(printf '%s\n' "$KDBX_PASSWORD" | keepassxc-cli export --format csv "$SECRETS_KDBX" 2>/dev/null) || {
rm -f "$tmpfile" echo "Impossible d'exporter le coffre." >&2
[ $rc -ne 0 ] && { echo "Impossible d'exporter le coffre." >&2; return 1; } return 1
}
# Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs
# On cherche la ligne d'en-tête CSV pour ignorer le bruit du buffer expect
local rendered_lines local rendered_lines
rendered_lines=$(printf '%s' "$csv" | python3 -c " rendered_lines=$(printf '%s' "$csv" | python3 -c "
import sys, csv, re, io import sys, csv, re, io
@@ -69,8 +42,7 @@ raw = sys.stdin.read()
start = raw.find('\"Group\"') start = raw.find('\"Group\"')
if start == -1: if start == -1:
sys.exit(0) sys.exit(0)
clean = raw[start:] reader = csv.DictReader(io.StringIO(raw[start:]))
reader = csv.DictReader(io.StringIO(clean))
for row in reader: for row in reader:
group = row.get('Group', '') group = row.get('Group', '')
title = row.get('Title', '') title = row.get('Title', '')
@@ -90,7 +62,7 @@ for row in reader:
fi fi
local loaded local loaded
loaded=$(echo "$rendered_lines" | grep -c '.') loaded=$(printf '%s' "$rendered_lines" | grep -c '.')
printf '%s\n' "$rendered_lines" > "$target_file" printf '%s\n' "$rendered_lines" > "$target_file"
chmod 600 "$target_file" chmod 600 "$target_file"