maxime.fleury/_Assistant_Lead_Tech
1
0
Fork 0
mirror of https://github.com/MaksTinyWorkshop/_Assistant_Lead_Tech synced 2026-04-06 13:31:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
6d56061554ca27f4d7c9b669723de531606ce78c
_Assistant_Lead_Tech/scripts/load-global-secrets.sh
MaksTinyWorkshop a7fecdb1bf Maj Scripts vers BitWarden
2026-03-27 13:00:17 +01:00

79 lines
2.1 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
_load_global_secrets() {
source "$LEADTECH/scripts/env_paths.sh" || { echo "env_paths.sh introuvable" >&2; return 1; }
if ! command -v bw >/dev/null 2>&1; then
echo "bw (Bitwarden CLI) introuvable" >&2
return 1
fi
# Configurer le serveur si pas déjà fait
bw config server "$BW_SERVER_URL" >/dev/null 2>&1
# Demander le master password si pas en variable
if [ -z "${BW_MASTER_PASSWORD:-}" ]; then
printf "Master password Bitwarden : " >&2
stty -echo
IFS= read -r BW_MASTER_PASSWORD
stty echo
printf '\n' >&2
fi
# Unlock et récupérer le session token
local session
session=$(BW_MASTER_PASSWORD="$BW_MASTER_PASSWORD" bw unlock --passwordenv BW_MASTER_PASSWORD --raw 2>/dev/null)
if [ -z "$session" ]; then
echo "Échec du déverrouillage Bitwarden." >&2
return 1
fi
export BW_SESSION="$session"
echo "Chargement des secrets globaux..." >&2
# Récupérer l'id du dossier "global"
local folder_id
folder_id=$(bw list folders --session "$BW_SESSION" 2>/dev/null \
| python3 -c "import sys,json; folders=json.load(sys.stdin); print(next((f['id'] for f in folders if f['name']=='global'), ''))")
if [ -z "$folder_id" ]; then
echo "Dossier 'global' introuvable dans Bitwarden." >&2
return 1
fi
# Lister les items du dossier et extraire TITRE=password
local pairs
pairs=$(bw list items --folderid "$folder_id" --session "$BW_SESSION" 2>/dev/null \
| python3 -c "
import sys, json, re
items = json.load(sys.stdin)
for item in items:
title = item.get('name', '')
password = (item.get('login') or {}).get('password') or ''
password = password.strip()
if not re.match(r'^[A-Z_][A-Z0-9_]*$', title):
continue
if not password:
continue
print(title + '=' + password)
")
if [ -z "$pairs" ]; then
echo "Aucun secret global chargé." >&2
return 1
fi
local loaded=0
while IFS='=' read -r var_name value; do
[ -z "$var_name" ] && continue
export "$var_name=$value"
loaded=$((loaded + 1))
done <<< "$pairs"
echo "Secrets chargés : $loaded"
}
_load_global_secrets
unset -f _load_global_secrets
Reference in New Issue View Git Blame Copy Permalink