Compare commits
16 commits
b378de4163
...
6237a3604d
Author | SHA1 | Date | |
---|---|---|---|
6237a3604d | |||
6788ba2032 | |||
22c658898d | |||
3e43873541 | |||
039f1940a0 | |||
cdaebb2930 | |||
fee2a97e30 | |||
Scott Wallace | fc541f0e97 | ||
6035f80a11 | |||
af79b9e539 | |||
00860658a6 | |||
fc5a20f8d8 | |||
c56b7041e4 | |||
f4d7dd2bf0 | |||
e186367d5d | |||
4908899986 |
25
.github/workflows/black.yaml
vendored
Normal file
25
.github/workflows/black.yaml
vendored
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
name: black
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
pull_request: {}
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.10'
|
||||||
|
- name: Install black
|
||||||
|
run: |
|
||||||
|
pip install --upgrade pip
|
||||||
|
python3.10 -m venv env
|
||||||
|
source env/bin/activate
|
||||||
|
pip install black
|
||||||
|
- name: Run black
|
||||||
|
run: |
|
||||||
|
env/bin/black --check --verbose bw_add_sshkeys.py
|
25
.github/workflows/flake8.yaml
vendored
Normal file
25
.github/workflows/flake8.yaml
vendored
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
name: flake8
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
pull_request: {}
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.10'
|
||||||
|
- name: Install flake8
|
||||||
|
run: |
|
||||||
|
pip install --upgrade pip
|
||||||
|
python3.10 -m venv env
|
||||||
|
source env/bin/activate
|
||||||
|
pip install flake8
|
||||||
|
- name: Run black
|
||||||
|
run: |
|
||||||
|
env/bin/flake8 bw_add_sshkeys.py
|
25
.github/workflows/mypy.yaml
vendored
Normal file
25
.github/workflows/mypy.yaml
vendored
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
name: mypy
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
pull_request: {}
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.10'
|
||||||
|
- name: Install mypy
|
||||||
|
run: |
|
||||||
|
pip install --upgrade pip
|
||||||
|
python3.10 -m venv env
|
||||||
|
source env/bin/activate
|
||||||
|
pip install mypy types-setuptools
|
||||||
|
- name: Run black
|
||||||
|
run: |
|
||||||
|
env/bin/mypy bw_add_sshkeys.py
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
||||||
.pyenv/
|
.pyenv/
|
||||||
.mypy_cache/
|
.mypy_cache/
|
||||||
|
env/
|
||||||
|
|
15
README.md
15
README.md
|
@ -1,9 +1,12 @@
|
||||||
# Bitwarden SSH Agent
|
# Bitwarden SSH Agent
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
* You need to have the [Bitwarden CLI tool](https://github.com/bitwarden/cli) installed and available in the `$PATH` as `bw`.
|
* You need to have the [Bitwarden CLI tool](https://bitwarden.com/help/cli/) installed and available in the `$PATH` as `bw`. See below for detailed instructions.
|
||||||
* `ssh-agent` must be running in the current session.
|
* `ssh-agent` must be running in the current session.
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
Just save the file `bw_add_sshkeys.py` in a folder where it can by found when calling it from the command line. On linux you can see these folders by running `echo $PATH` from the command line. To install for a single user, you can - for example - save the script under `~/.local/bin/` and make it executable by running `chmod +x ~/.local/bin/bw_add_sshkeys.py`.
|
||||||
|
|
||||||
## What does it do?
|
## What does it do?
|
||||||
Fetches SSH keys stored in Bitwarden vault and adds them to `ssh-agent`.
|
Fetches SSH keys stored in Bitwarden vault and adds them to `ssh-agent`.
|
||||||
|
|
||||||
|
@ -20,7 +23,7 @@ Fetches SSH keys stored in Bitwarden vault and adds them to `ssh-agent`.
|
||||||
2. Add an new secure note to that folder.
|
2. Add an new secure note to that folder.
|
||||||
3. Upload the private key as an attachment.
|
3. Upload the private key as an attachment.
|
||||||
4. Add the custom field `private` (can be overridden on the command line), containing the file name of the private key attachment.
|
4. Add the custom field `private` (can be overridden on the command line), containing the file name of the private key attachment.
|
||||||
5. (optional) If your key is encrypted with passphrase and you want it to decrypt automatically, save passphrase into custom field `passphrase` (field name can be overriden on the command line)
|
5. (optional) If your key is encrypted with passphrase and you want it to decrypt automatically, save passphrase into custom field `passphrase` (field name can be overriden on the command line). You can create this field as `hidden` if you don't want the passphrase be displayed by default.
|
||||||
6. Repeat steps 2-5 for each subsequent key
|
6. Repeat steps 2-5 for each subsequent key
|
||||||
|
|
||||||
## Command line overrides
|
## Command line overrides
|
||||||
|
@ -28,3 +31,11 @@ Fetches SSH keys stored in Bitwarden vault and adds them to `ssh-agent`.
|
||||||
* `--foldername`/`-f` - Folder name to use to search for SSH keys _(default: ssh-agent)_
|
* `--foldername`/`-f` - Folder name to use to search for SSH keys _(default: ssh-agent)_
|
||||||
* `--customfield`/`-c` - Custom field name where private key filename is stored _(default: private)_
|
* `--customfield`/`-c` - Custom field name where private key filename is stored _(default: private)_
|
||||||
* `--passphrasefield`/`-p` - Custom field name where passphrase for the key is stored _(default: passphrase)_
|
* `--passphrasefield`/`-p` - Custom field name where passphrase for the key is stored _(default: passphrase)_
|
||||||
|
* `--session`/`-s` - session key of bitwarden
|
||||||
|
|
||||||
|
## Setting up the Bitwarden CLI tool
|
||||||
|
Download the [Bitwarden CLI](https://bitwarden.com/help/cli/), extract the binary from the zip file, make it executable and add it to your path so that it can be found on the command line.
|
||||||
|
|
||||||
|
On linux you will likely want to move the executable to `~/.local/bin` and make it executable `chmod +x ~/.local/bin/bw`. `~/.local/bin` is likely already set as a path. You can confirm that by running `which bw`, which should return the path to the executable. You can use the same approach to turn `bw_add_sshkeys.py` into an executable.
|
||||||
|
|
||||||
|
If you want to build the Bitwarden CLI by yourself, see [these instructions on the bitwarden github page](https://contributing.bitwarden.com/getting-started/clients/cli).
|
|
@ -8,76 +8,32 @@ import json
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import subprocess
|
import subprocess
|
||||||
from typing import Any, Callable, Dict, List, Optional
|
from typing import Any
|
||||||
|
|
||||||
from pkg_resources import parse_version
|
|
||||||
|
|
||||||
|
|
||||||
def memoize(func: Callable[..., Any]) -> Callable[..., Any]:
|
def get_session(session: str) -> str:
|
||||||
"""
|
|
||||||
Decorator function to cache the results of another function call
|
|
||||||
"""
|
|
||||||
cache: Dict[Any, Callable[..., Any]] = {}
|
|
||||||
|
|
||||||
def memoized_func(*args: Any) -> Any:
|
|
||||||
if args in cache:
|
|
||||||
return cache[args]
|
|
||||||
result = func(*args)
|
|
||||||
cache[args] = result
|
|
||||||
return result
|
|
||||||
|
|
||||||
return memoized_func
|
|
||||||
|
|
||||||
|
|
||||||
@memoize
|
|
||||||
def bwcli_version() -> str:
|
|
||||||
"""
|
|
||||||
Function to return the version of the Bitwarden CLI
|
|
||||||
"""
|
|
||||||
proc_version = subprocess.run(
|
|
||||||
['bw', '--version'],
|
|
||||||
stdout=subprocess.PIPE,
|
|
||||||
universal_newlines=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
return proc_version.stdout
|
|
||||||
|
|
||||||
|
|
||||||
@memoize
|
|
||||||
def cli_supports(feature: str) -> bool:
|
|
||||||
"""
|
|
||||||
Function to return whether the current Bitwarden CLI supports a particular
|
|
||||||
feature
|
|
||||||
"""
|
|
||||||
version = parse_version(bwcli_version())
|
|
||||||
|
|
||||||
if feature == 'nointeraction' and version >= parse_version('1.9.0'):
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
def get_session() -> str:
|
|
||||||
"""
|
"""
|
||||||
Function to return a valid Bitwarden session
|
Function to return a valid Bitwarden session
|
||||||
"""
|
"""
|
||||||
# Check for an existing, user-supplied Bitwarden session
|
# Check for an existing, user-supplied Bitwarden session
|
||||||
session = os.environ.get('BW_SESSION', '')
|
if not session:
|
||||||
|
session = os.environ.get("BW_SESSION", "")
|
||||||
if session:
|
if session:
|
||||||
logging.debug('Existing Bitwarden session found')
|
logging.debug("Existing Bitwarden session found")
|
||||||
return session
|
return session
|
||||||
|
|
||||||
# Check if we're already logged in
|
# Check if we're already logged in
|
||||||
proc_logged = subprocess.run(['bw', 'login', '--check', '--quiet'], check=True)
|
proc_logged = subprocess.run(["bw", "login", "--check", "--quiet"], check=False)
|
||||||
|
|
||||||
if proc_logged.returncode:
|
if proc_logged.returncode:
|
||||||
logging.debug('Not logged into Bitwarden')
|
logging.debug("Not logged into Bitwarden")
|
||||||
operation = 'login'
|
operation = "login"
|
||||||
else:
|
else:
|
||||||
logging.debug('Bitwarden vault is locked')
|
logging.debug("Bitwarden vault is locked")
|
||||||
operation = 'unlock'
|
operation = "unlock"
|
||||||
|
|
||||||
proc_session = subprocess.run(
|
proc_session = subprocess.run(
|
||||||
['bw', '--raw', operation],
|
["bw", "--raw", operation],
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
universal_newlines=True,
|
universal_newlines=True,
|
||||||
check=True,
|
check=True,
|
||||||
|
@ -94,50 +50,52 @@ def get_folders(session: str, foldername: str) -> str:
|
||||||
"""
|
"""
|
||||||
Function to return the ID of the folder that matches the provided name
|
Function to return the ID of the folder that matches the provided name
|
||||||
"""
|
"""
|
||||||
logging.debug('Folder name: %s', foldername)
|
logging.debug("Folder name: %s", foldername)
|
||||||
|
|
||||||
proc_folders = subprocess.run(
|
proc_folders = subprocess.run(
|
||||||
['bw', 'list', 'folders', '--search', foldername, '--session', session],
|
["bw", "list", "folders", "--search", foldername, "--session", session],
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
universal_newlines=True,
|
universal_newlines=True,
|
||||||
check=True,
|
check=True,
|
||||||
|
encoding="utf-8",
|
||||||
)
|
)
|
||||||
|
|
||||||
folders = json.loads(proc_folders.stdout)
|
folders = json.loads(proc_folders.stdout)
|
||||||
|
|
||||||
if not folders:
|
if not folders:
|
||||||
logging.error('"%s" folder not found', foldername)
|
logging.error('"%s" folder not found', foldername)
|
||||||
return ''
|
return ""
|
||||||
|
|
||||||
# Do we have any folders
|
# Do we have any folders
|
||||||
if len(folders) != 1:
|
if len(folders) != 1:
|
||||||
logging.error('%d folders with the name "%s" found', len(folders), foldername)
|
logging.error('%d folders with the name "%s" found', len(folders), foldername)
|
||||||
return ''
|
return ""
|
||||||
|
|
||||||
return str(folders[0]['id'])
|
return str(folders[0]["id"])
|
||||||
|
|
||||||
|
|
||||||
def folder_items(session: str, folder_id: str) -> List[Dict[str, Any]]:
|
def folder_items(session: str, folder_id: str) -> list[dict[str, Any]]:
|
||||||
"""
|
"""
|
||||||
Function to return items from a folder
|
Function to return items from a folder
|
||||||
"""
|
"""
|
||||||
logging.debug('Folder ID: %s', folder_id)
|
logging.debug("Folder ID: %s", folder_id)
|
||||||
|
|
||||||
proc_items = subprocess.run(
|
proc_items = subprocess.run(
|
||||||
['bw', 'list', 'items', '--folderid', folder_id, '--session', session],
|
["bw", "list", "items", "--folderid", folder_id, "--session", session],
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
universal_newlines=True,
|
universal_newlines=True,
|
||||||
check=True,
|
check=True,
|
||||||
|
encoding="utf-8",
|
||||||
)
|
)
|
||||||
|
|
||||||
data: List[Dict[str, Any]] = json.loads(proc_items.stdout)
|
data: list[dict[str, Any]] = json.loads(proc_items.stdout)
|
||||||
|
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
||||||
def add_ssh_keys(
|
def add_ssh_keys(
|
||||||
session: str,
|
session: str,
|
||||||
items: List[Dict[str, Any]],
|
items: list[dict[str, Any]],
|
||||||
keyname: str,
|
keyname: str,
|
||||||
pwkeyname: str,
|
pwkeyname: str,
|
||||||
) -> None:
|
) -> None:
|
||||||
|
@ -147,69 +105,69 @@ def add_ssh_keys(
|
||||||
for item in items:
|
for item in items:
|
||||||
try:
|
try:
|
||||||
private_key_file = [
|
private_key_file = [
|
||||||
k['value'] for k in item['fields'] if k['name'] == keyname
|
k["value"] for k in item["fields"] if k["name"] == keyname
|
||||||
][0]
|
][0]
|
||||||
except IndexError:
|
except IndexError:
|
||||||
logging.warning('No "%s" field found for item %s', keyname, item['name'])
|
logging.warning('No "%s" field found for item %s', keyname, item["name"])
|
||||||
continue
|
continue
|
||||||
except KeyError as error:
|
except KeyError as error:
|
||||||
logging.debug(
|
logging.debug(
|
||||||
'No key "%s" found in item %s - skipping', error.args[0], item['name']
|
'No key "%s" found in item %s - skipping', error.args[0], item["name"]
|
||||||
)
|
)
|
||||||
continue
|
continue
|
||||||
logging.debug('Private key file declared')
|
logging.debug("Private key file declared")
|
||||||
|
|
||||||
private_key_pw = None
|
private_key_pw = ""
|
||||||
try:
|
try:
|
||||||
private_key_pw = [
|
private_key_pw = [
|
||||||
k['value'] for k in item['fields'] if k['name'] == pwkeyname
|
k["value"] for k in item["fields"] if k["name"] == pwkeyname
|
||||||
][0]
|
][0]
|
||||||
logging.debug('Passphrase declared')
|
logging.debug("Passphrase declared")
|
||||||
except IndexError:
|
except IndexError:
|
||||||
logging.warning('No "%s" field found for item %s', pwkeyname, item['name'])
|
logging.warning('No "%s" field found for item %s', pwkeyname, item["name"])
|
||||||
except KeyError as error:
|
except KeyError as error:
|
||||||
logging.debug(
|
logging.debug(
|
||||||
'No key "%s" found in item %s - skipping', error.args[0], item['name']
|
'No key "%s" found in item %s - skipping', error.args[0], item["name"]
|
||||||
)
|
)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
private_key_id = [
|
private_key_id = [
|
||||||
k['id']
|
k["id"]
|
||||||
for k in item['attachments']
|
for k in item["attachments"]
|
||||||
if k['fileName'] == private_key_file
|
if k["fileName"] == private_key_file
|
||||||
][0]
|
][0]
|
||||||
except IndexError:
|
except IndexError:
|
||||||
logging.warning(
|
logging.warning(
|
||||||
'No attachment called "%s" found for item %s',
|
'No attachment called "%s" found for item %s',
|
||||||
private_key_file,
|
private_key_file,
|
||||||
item['name'],
|
item["name"],
|
||||||
)
|
)
|
||||||
continue
|
continue
|
||||||
logging.debug('Private key ID found')
|
logging.debug("Private key ID found")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
ssh_add(session, item['id'], private_key_id, private_key_pw)
|
ssh_add(session, item["id"], private_key_id, private_key_pw)
|
||||||
except subprocess.SubprocessError:
|
except subprocess.SubprocessError:
|
||||||
logging.warning('Could not add key to the SSH agent')
|
logging.warning("Could not add key to the SSH agent")
|
||||||
|
|
||||||
|
|
||||||
def ssh_add(session: str, item_id: str, key_id: str, key_pw: Optional[str]) -> None:
|
def ssh_add(session: str, item_id: str, key_id: str, key_pw: str = "") -> None:
|
||||||
"""
|
"""
|
||||||
Function to get the key contents from the Bitwarden vault
|
Function to get the key contents from the Bitwarden vault
|
||||||
"""
|
"""
|
||||||
logging.debug('Item ID: %s', item_id)
|
logging.debug("Item ID: %s", item_id)
|
||||||
logging.debug('Key ID: %s', key_id)
|
logging.debug("Key ID: %s", key_id)
|
||||||
|
|
||||||
proc_attachment = subprocess.run(
|
proc_attachment = subprocess.run(
|
||||||
[
|
[
|
||||||
'bw',
|
"bw",
|
||||||
'get',
|
"get",
|
||||||
'attachment',
|
"attachment",
|
||||||
key_id,
|
key_id,
|
||||||
'--itemid',
|
"--itemid",
|
||||||
item_id,
|
item_id,
|
||||||
'--raw',
|
"--raw",
|
||||||
'--session',
|
"--session",
|
||||||
session,
|
session,
|
||||||
],
|
],
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
|
@ -230,16 +188,16 @@ def ssh_add(session: str, item_id: str, key_id: str, key_pw: Optional[str]) -> N
|
||||||
logging.debug("Running ssh-add")
|
logging.debug("Running ssh-add")
|
||||||
# CAVEAT: `ssh-add` provides no useful output, even with maximum verbosity
|
# CAVEAT: `ssh-add` provides no useful output, even with maximum verbosity
|
||||||
subprocess.run(
|
subprocess.run(
|
||||||
['ssh-add', '-'],
|
["ssh-add", "-"],
|
||||||
input=ssh_key,
|
input=ssh_key.encode("utf-8"),
|
||||||
# Works even if ssh-askpass is not installed
|
# Works even if ssh-askpass is not installed
|
||||||
env=envdict,
|
env=envdict,
|
||||||
universal_newlines=True,
|
universal_newlines=False,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == "__main__":
|
||||||
|
|
||||||
def parse_args() -> argparse.Namespace:
|
def parse_args() -> argparse.Namespace:
|
||||||
"""
|
"""
|
||||||
|
@ -247,28 +205,34 @@ if __name__ == '__main__':
|
||||||
"""
|
"""
|
||||||
parser = argparse.ArgumentParser()
|
parser = argparse.ArgumentParser()
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-d',
|
"-d",
|
||||||
'--debug',
|
"--debug",
|
||||||
action='store_true',
|
action="store_true",
|
||||||
help='show debug output',
|
help="show debug output",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-f',
|
"-f",
|
||||||
'--foldername',
|
"--foldername",
|
||||||
default='ssh-agent',
|
default="ssh-agent",
|
||||||
help='folder name to use to search for SSH keys',
|
help="folder name to use to search for SSH keys",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-c',
|
"-c",
|
||||||
'--customfield',
|
"--customfield",
|
||||||
default='private',
|
default="private",
|
||||||
help='custom field name where private key filename is stored',
|
help="custom field name where private key filename is stored",
|
||||||
)
|
)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'-p',
|
"-p",
|
||||||
'--passphrasefield',
|
"--passphrasefield",
|
||||||
default='passphrase',
|
default="passphrase",
|
||||||
help='custom field name where key passphrase is stored',
|
help="custom field name where key passphrase is stored",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"-s",
|
||||||
|
"--session",
|
||||||
|
default="",
|
||||||
|
help="session key of bitwarden",
|
||||||
)
|
)
|
||||||
|
|
||||||
return parser.parse_args()
|
return parser.parse_args()
|
||||||
|
@ -288,24 +252,26 @@ if __name__ == '__main__':
|
||||||
logging.basicConfig(level=loglevel)
|
logging.basicConfig(level=loglevel)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
logging.info('Getting Bitwarden session')
|
logging.info("Getting Bitwarden session")
|
||||||
session = get_session()
|
session = get_session(args.session)
|
||||||
logging.debug('Session = %s', session)
|
logging.debug("Session = %s", session)
|
||||||
|
|
||||||
logging.info('Getting folder list')
|
logging.info("Getting folder list")
|
||||||
folder_id = get_folders(session, args.foldername)
|
folder_id = get_folders(session, args.foldername)
|
||||||
|
|
||||||
logging.info('Getting folder items')
|
logging.info("Getting folder items")
|
||||||
items = folder_items(session, folder_id)
|
items = folder_items(session, folder_id)
|
||||||
|
|
||||||
logging.info('Attempting to add keys to ssh-agent')
|
logging.info("Attempting to add keys to ssh-agent")
|
||||||
add_ssh_keys(session, items, args.customfield, args.passphrasefield)
|
add_ssh_keys(session, items, args.customfield, args.passphrasefield)
|
||||||
except subprocess.CalledProcessError as error:
|
except subprocess.CalledProcessError as error:
|
||||||
if error.stderr:
|
if error.stderr:
|
||||||
logging.error('"%s" error: %s', error.cmd[0], error.stderr)
|
logging.error('"%s" error: %s', error.cmd[0], error.stderr)
|
||||||
logging.debug('Error running %s', error.cmd)
|
logging.debug("Error running %s", error.cmd)
|
||||||
|
|
||||||
if os.environ.get('SSH_ASKPASS'):
|
if os.environ.get("SSH_ASKPASS") and os.environ.get(
|
||||||
print(os.environ.get('SSH_KEY_PASSPHRASE'))
|
"SSH_ASKPASS"
|
||||||
|
) == os.path.realpath(__file__):
|
||||||
|
print(os.environ.get("SSH_KEY_PASSPHRASE"))
|
||||||
else:
|
else:
|
||||||
main()
|
main()
|
||||||
|
|
61
flake.lock
Normal file
61
flake.lock
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"flake-parts": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1690933134,
|
||||||
|
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "flake-parts",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1691464053,
|
||||||
|
"narHash": "sha256-D21ctOBjr2Y3vOFRXKRoFr6uNBvE8q5jC4RrMxRZXTM=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "844ffa82bbe2a2779c86ab3a72ff1b4176cec467",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-lib": {
|
||||||
|
"locked": {
|
||||||
|
"dir": "lib",
|
||||||
|
"lastModified": 1690881714,
|
||||||
|
"narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "9e1960bc196baf6881340d53dccb203a951745a2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"dir": "lib",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-parts": "flake-parts",
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
44
flake.nix
Normal file
44
flake.nix
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
description = "Small python script to load bitwarden-store ssh keys into ssh-agent";
|
||||||
|
|
||||||
|
outputs = inputs@{ nixpkgs, flake-parts, ... }:
|
||||||
|
flake-parts.lib.mkFlake { inherit inputs; } {
|
||||||
|
imports = [
|
||||||
|
inputs.flake-parts.flakeModules.easyOverlay
|
||||||
|
];
|
||||||
|
systems = [ "x86_64-linux" "aarch64-darwin" ];
|
||||||
|
perSystem = { config, self', inputs', pkgs, system, ... }:
|
||||||
|
let
|
||||||
|
package = pkgs.python3Packages.buildPythonPackage {
|
||||||
|
pname = "bitwarden-ssh-agent";
|
||||||
|
version = "0.1.2";
|
||||||
|
src = ./. ;
|
||||||
|
propagatedBuildInputs = [ pkgs.python3Packages.setuptools pkgs.bitwarden-cli ];
|
||||||
|
format = "other";
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin/
|
||||||
|
mv bw_add_sshkeys.py $out/bin/bitwarden-ssh-agent
|
||||||
|
chmod +x $out/bin/bitwarden-ssh-agent
|
||||||
|
'';
|
||||||
|
meta = with pkgs.lib; {
|
||||||
|
description = "Small python script to load bitwarden-store ssh keys into ssh-agent";
|
||||||
|
homepage = "https://github.com/joaojacome/bitwarden-ssh-agent";
|
||||||
|
license = licenses.mit;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
overlayAttrs = {
|
||||||
|
bitwarden-ssh-agent = package;
|
||||||
|
};
|
||||||
|
packages.default = package;
|
||||||
|
devShells.default = pkgs.mkShell {
|
||||||
|
packages = [
|
||||||
|
pkgs.bitwarden-cli
|
||||||
|
(pkgs.python3.withPackages(pkgs: [
|
||||||
|
pkgs.setuptools
|
||||||
|
]))
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
9
mypy.ini
Normal file
9
mypy.ini
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
[mypy]
|
||||||
|
python_version = 3.10
|
||||||
|
warn_return_any = True
|
||||||
|
disallow_untyped_defs = True
|
||||||
|
disallow_any_unimported = True
|
||||||
|
no_implicit_optional = True
|
||||||
|
check_untyped_defs = True
|
||||||
|
show_error_codes = True
|
||||||
|
warn_unused_ignores = True
|
2
pyproject.toml
Normal file
2
pyproject.toml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
[tool.black]
|
||||||
|
target-version = ['py310']
|
Loading…
Reference in a new issue