Maj Scripts vers BitWarden

scripts/sync-project-secrets.sh

@@ -3,64 +3,67 @@
 _sync_project_secrets() {
   source "$LEADTECH/scripts/env_paths.sh" || { echo "env_paths.sh introuvable" >&2; return 1; }
 
-  if [ ! -f "$SECRETS_KDBX" ]; then
-    echo "Coffre introuvable : $SECRETS_KDBX" >&2
+  if ! command -v bw >/dev/null 2>&1; then
+    echo "bw (Bitwarden CLI) introuvable" >&2
     return 1
   fi
 
-  if ! command -v keepassxc-cli >/dev/null 2>&1; then
-    echo "keepassxc-cli introuvable" >&2
-    return 1
-  fi
+  bw config server "$BW_SERVER_URL" >/dev/null 2>&1
 
-  if ! command -v expect >/dev/null 2>&1; then
-    echo "expect introuvable" >&2
-    return 1
-  fi
-
-  # Nom du projet = nom du dossier courant
   local project_name
   project_name="$(basename "$PWD")"
-  local entry_path="projects/$project_name"
   local target_file="$PWD/.env"
 
   echo "Projet détecté : $project_name" >&2
-  echo "Entrée KeePass : $entry_path" >&2
 
-  if [ -z "${KDBX_PASSWORD:-}" ]; then
-    printf "Mot de passe KeePassXC : " >&2
-    stty -echo
-    IFS= read -r KDBX_PASSWORD
-    stty echo
-    printf '\n' >&2
+  # Unlock si pas de session active
+  if [ -z "${BW_SESSION:-}" ]; then
+    if [ -z "${BW_MASTER_PASSWORD:-}" ]; then
+      printf "Master password Bitwarden : " >&2
+      stty -echo
+      IFS= read -r BW_MASTER_PASSWORD
+      stty echo
+      printf '\n' >&2
+    fi
+    BW_SESSION=$(BW_MASTER_PASSWORD="$BW_MASTER_PASSWORD" bw unlock --passwordenv BW_MASTER_PASSWORD --raw 2>/dev/null)
+    if [ -z "$BW_SESSION" ]; then
+      echo "Échec du déverrouillage Bitwarden." >&2
+      return 1
+    fi
+    export BW_SESSION
   fi
 
   echo "Récupération des secrets projet..." >&2
 
-  # Lire le champ Notes de l'entrée — une seule ouverture du coffre
-  local notes
-  notes=$(KDBX_PASSWORD="$KDBX_PASSWORD" SECRETS_KDBX="$SECRETS_KDBX" ENTRY_PATH="$entry_path" expect <<'EOF'
-    log_user 0
-    set timeout 15
-    spawn keepassxc-cli show -a notes $env(SECRETS_KDBX) $env(ENTRY_PATH)
-    expect "Saisir le mot de passe pour déverrouiller*"
-    send -- "$env(KDBX_PASSWORD)\r"
-    expect eof
-    catch wait result
-    puts -nonewline $expect_out(buffer)
-    exit [lindex $result 3]
-EOF
-  ) || {
-    echo "Impossible de lire l'entrée '$entry_path'." >&2
-    return 1
-  }
+  # Récupérer l'id du dossier "projects/<project_name>"
+  local folder_name="projects/$project_name"
+  local folder_id
+  folder_id=$(bw list folders --session "$BW_SESSION" 2>/dev/null \
+    | python3 -c "import sys,json; folders=json.load(sys.stdin); print(next((f['id'] for f in folders if f['name']=='$folder_name'), ''))")
 
-  if [ -z "$notes" ]; then
-    echo "Le champ Notes est vide pour '$project_name'." >&2
+  if [ -z "$folder_id" ]; then
+    echo "Dossier '$folder_name' introuvable dans Bitwarden." >&2
+    return 1
+  fi
+
+  # Chercher l'item dont le nom == project_name dans ce dossier
+  local notes
+  notes=$(bw list items --folderid "$folder_id" --session "$BW_SESSION" 2>/dev/null \
+    | python3 -c "
+import sys, json
+
+items = json.load(sys.stdin)
+for item in items:
+    if item.get('name') == '$project_name':
+        print((item.get('notes') or '').strip())
+        break
+")
+
+  if [ -z "$notes" ]; then
+    echo "Aucune note trouvée pour '$project_name' dans Bitwarden." >&2
     return 1
   fi
 
-  # Écrire le .env
   printf '%s\n' "$notes" > "$target_file"
   chmod 600 "$target_file"