Maj Scripts vers BitWarden

scripts/load-global-secrets.sh

@@ -3,48 +3,56 @@
 _load_global_secrets() {
   source "$LEADTECH/scripts/env_paths.sh" || { echo "env_paths.sh introuvable" >&2; return 1; }
 
-  if [ ! -f "$SECRETS_KDBX" ]; then
-    echo "Coffre introuvable : $SECRETS_KDBX" >&2
+  if ! command -v bw >/dev/null 2>&1; then
+    echo "bw (Bitwarden CLI) introuvable" >&2
     return 1
   fi
 
-  if ! command -v keepassxc-cli >/dev/null 2>&1; then
-    echo "keepassxc-cli introuvable" >&2
-    return 1
-  fi
+  # Configurer le serveur si pas déjà fait
+  bw config server "$BW_SERVER_URL" >/dev/null 2>&1
 
-  if [ -z "${KDBX_PASSWORD:-}" ]; then
-    printf "Mot de passe KeePassXC : " >&2
+  # Demander le master password si pas en variable
+  if [ -z "${BW_MASTER_PASSWORD:-}" ]; then
+    printf "Master password Bitwarden : " >&2
     stty -echo
-    IFS= read -r KDBX_PASSWORD
+    IFS= read -r BW_MASTER_PASSWORD
     stty echo
     printf '\n' >&2
   fi
 
+  # Unlock et récupérer le session token
+  local session
+  session=$(BW_MASTER_PASSWORD="$BW_MASTER_PASSWORD" bw unlock --passwordenv BW_MASTER_PASSWORD --raw 2>/dev/null)
+  if [ -z "$session" ]; then
+    echo "Échec du déverrouillage Bitwarden." >&2
+    return 1
+  fi
+  export BW_SESSION="$session"
+
   echo "Chargement des secrets globaux..." >&2
 
-  local csv
-  csv=$(printf '%s\n' "$KDBX_PASSWORD" | keepassxc-cli export --format csv "$SECRETS_KDBX" 2>/dev/null) || {
-    echo "Impossible d'exporter le coffre." >&2
+  # Récupérer l'id du dossier "global"
+  local folder_id
+  folder_id=$(bw list folders --session "$BW_SESSION" 2>/dev/null \
+    | python3 -c "import sys,json; folders=json.load(sys.stdin); print(next((f['id'] for f in folders if f['name']=='global'), ''))")
+
+  if [ -z "$folder_id" ]; then
+    echo "Dossier 'global' introuvable dans Bitwarden." >&2
     return 1
-  }
+  fi
 
+  # Lister les items du dossier et extraire TITRE=password
   local pairs
-  pairs=$(printf '%s' "$csv" | python3 -c "
-import sys, csv, re, io
+  pairs=$(bw list items --folderid "$folder_id" --session "$BW_SESSION" 2>/dev/null \
+    | python3 -c "
+import sys, json, re
 
-raw = sys.stdin.read()
-start = raw.find('\"Group\"')
-if start == -1:
-    sys.exit(0)
-reader = csv.DictReader(io.StringIO(raw[start:]))
-for row in reader:
-    group = row.get('Group', '')
-    title = row.get('Title', '')
-    password = row.get('Password', '')
-    if group != 'Racine/global' and not group.startswith('Racine/global/'):
-        continue
-    if not re.match(r'^[A-Z_][A-Z0-9_]*\$', title):
+items = json.load(sys.stdin)
+for item in items:
+    title = item.get('name', '')
+    password = (item.get('login') or {}).get('password') or ''
+    password = password.strip()
+    if not re.match(r'^[A-Z_][A-Z0-9_]*$', title):
         continue
     if not password:
         continue