mirror of
https://github.com/m-housh/dotfiles.git
synced 2026-02-14 14:12:41 +00:00
80 lines
2.5 KiB
Bash
Executable File
80 lines
2.5 KiB
Bash
Executable File
#!/usr/bin/env zsh
|
|
#
|
|
# An adapter script to use gopass to store and retrieve passwords for ansible vault.
|
|
#
|
|
# When calling from ansible vault it get's passed --vault-id [ID] which is the id
|
|
# of the secret to retrieve.
|
|
#
|
|
|
|
local secretPath="ansible"
|
|
|
|
function usage() {
|
|
cat <<EOF
|
|
|
|
An adapter script that integrates gopass as storage for ansible vault id's.
|
|
|
|
To retreive a secret based on the vault id, then pass the '--vault-id' flag with an
|
|
associated [ID] to look for. (This is generally handled / passed in by the ansible-vault
|
|
command)
|
|
|
|
You can also call this script with the '--set' flag and an [ID] argument
|
|
to create a new secret for the given id. The default behavior of the
|
|
set option is to prompt for the secret, you can optionally pass the '--generate'
|
|
flag to automatically generate a secret. If an [ID] argument is not supplied to
|
|
the set option then we will prompt for the id to store the secret under.
|
|
|
|
Secrets are stored in the default password store at '$secretPath/<ID>'.
|
|
|
|
Usage: vault-gopass-client [-s | --set] [-g | --generate] [--vault-id <ID>] [ID]
|
|
|
|
-s | --set: Set a new secret for the given ID.
|
|
-g | --generate: Used with the set option to automatically generate the secret.
|
|
--vault-id <ID>: Used to retrieve a secret for the given ID.
|
|
-h | --help: Show this usage message.
|
|
|
|
Examples:
|
|
|
|
# Automatically generate a secret for the 'foo' id.
|
|
$ vault-gopass --set --generate foo
|
|
|
|
# Retrieve the secret for 'foo' and print it to stdout.
|
|
$ vault-gopass --vault-id foo
|
|
|
|
EOF
|
|
}
|
|
|
|
# parse the passed in options, failing if unrecognized options are given.
|
|
zparseopts -D -E -F - \
|
|
g=generateFlag -generate=generateFlag \
|
|
h=helpFlag -help=helpFlag \
|
|
s=setFlag -set=setFlag \
|
|
-vault-id:=vaultId \
|
|
|| exit 1
|
|
|
|
# check for the help flag, show usage and exit.
|
|
[ ${#helpFlag} = 1 ] && usage && exit 0
|
|
|
|
if [ ${#vaultId} = 2 ]; then
|
|
# we received the vault-id option, so we print the
|
|
# secret to stdout
|
|
password=$(gopass show --password "$secretPath/${vaultId[-1]}")
|
|
echo "$password"
|
|
exit 0
|
|
elif [ ${#setFlag} = 1 ]; then
|
|
|
|
# Use the first argument as the id, we ask for an id
|
|
# if not supplied.
|
|
local id=$1
|
|
if [ "$id" = "" ]; then
|
|
read -r id\?"Vault ID: "
|
|
fi
|
|
|
|
# Check for generate flag to automatically generate a password.
|
|
[ ${#generateFlag} = 1 ] \
|
|
&& gopass generate "$secretPath/$id" 24 \
|
|
&& exit 0
|
|
|
|
# Insert a password prompting the user to supply it.
|
|
gopass insert "$secretPath/$id"
|
|
fi
|