logo

secret

Replacement to pass(1) based on reop(1)git clone https://hacktivis.me/git/secret.git

secret (3529B)


  1. #!/bin/sh
  2. # secret: Replacement to pass(1) based on reop(1)
  3. # Copyright 2020 Haelwenn (lanodan) Monnier <contact+secret@hacktivis.me>
  4. # SPDX-License-Identifier: ISC
  5. basepath="$HOME/.secret-storage"
  6. set -e
  7. secret_clip() {
  8. head -n 1 | tr -d '\n' | xclip -i -selection clipboard
  9. }
  10. secret_init() {
  11. set -x
  12. test -f "${basepath}.pub" -a -f "${basepath}.priv" || reop -G -p "${basepath}.pub" -s "${basepath}.priv"
  13. chmod 0400 "${basepath}.pub" "${basepath}.priv"
  14. test -d "$basepath/.git" || git init "${basepath}"
  15. chmod 0700 "$basepath"
  16. }
  17. secret_list() {
  18. ( cd "$basepath" && find . -type f -name '*.reop' "$@" | sed -e 's;^./;;' -e 's;.reop$;;') | sort
  19. }
  20. secret_list_oath() {
  21. secret_list -name '*.oath.reop' "$@"
  22. }
  23. tree() {
  24. secret_list "$@" | tree --fromfile
  25. }
  26. secret_read() {
  27. entry="$*"
  28. target="${SECRET_FILE:--}"
  29. reop -D -p "${basepath}.pub" -s "${basepath}.priv" -m "$target" -x "${basepath}/${entry}.reop"
  30. }
  31. secret_write() {
  32. entry="$*"
  33. target="${SECRET_FILE:--}"
  34. reop -E -p "${basepath}.pub" -s "${basepath}.priv" -m "$target" -x "${basepath}/${entry}.reop"
  35. if test -f "${basepath}/.git/HEAD"
  36. then
  37. oldpwd="$PWD"
  38. cd "${basepath}"
  39. git add "${entry}.reop"
  40. git commit -m "${entry}: encrypt auto-update"
  41. if [ "$(git remote show -n)" != "" ]; then git push; fi
  42. cd "${oldpwd}"
  43. else
  44. echo "No git repository in ‘$basepath’, consider creating one"
  45. fi
  46. }
  47. secret_read_oath() {
  48. oathtool $(secret_read "$@")
  49. }
  50. secret_edit() {
  51. file="${basepath}/.secret_$RANDOM.txt"
  52. unset SECRET_FILE
  53. secret_read "$@" > "$file"
  54. $EDITOR "$file" || rm -f "$file"
  55. secret_write "$@" < "$file" ; rm -f "$file"
  56. }
  57. secret_dmenu() {
  58. echo | dmenu -nb '#000' -nf '#000' -p "Passphrase: "
  59. }
  60. secret_dmenu_oath() {
  61. entry="$(secret_list -name '*.oath.reop' | dmenu -i)"
  62. export SECRET_FILE="${basepath}/.secret_$RANDOM.txt"
  63. secret_dmenu | secret_read "$entry"
  64. oathtool $(cat "${SECRET_FILE}") | secret_clip
  65. shred -u "${SECRET_FILE}"
  66. }
  67. secret_dmenu_read() {
  68. entry="$(secret_list | dmenu -i)"
  69. export SECRET_FILE="${basepath}/.secret_$RANDOM.txt"
  70. secret_dmenu | secret_read "$entry"
  71. cat "${SECRET_FILE}" | secret_clip
  72. shred -u "${SECRET_FILE}"
  73. }
  74. secret_usage() {
  75. cat <<-EOF
  76. secret [command] [command-arguments...]
  77. Replacement to pass(1) based on reop(1)
  78. secret init
  79. Initializes secret keys and git storage repo.
  80. secret ls [arguments...]
  81. List the entries. Passes arguments to find(1).
  82. secret tree [arguments...]
  83. Same as ‘secret ls’ but outputs via tree(1).
  84. secret read <entry>
  85. Read a secret entry.
  86. secret write <entry>
  87. Write a secret entry.
  88. secret edit <entry>
  89. Wrapper around $EDITOR for easy secret edition.
  90. secret dmenu
  91. dmenu on entries, dmenu for a passphrase, read secret, pipe to xclip(1).
  92. secret ls-oath [arguments...]
  93. Same as ‘secret ls’ but limited to oath entries(‘*.oath.reop’).
  94. secret read-oath <entry>
  95. Same as ‘secret read’ but entry content passed to oathtool(1) as arguments.
  96. secret dmenu-oath
  97. Same as ‘secret dmenu’ but ‘secret read-oath’ instead of ‘secret read’.
  98. EOF
  99. exit 1
  100. }
  101. command="$1"
  102. [ "$1" = "" ] && secret_usage "$@"
  103. shift || secret_usage "$@"
  104. case "$command" in
  105. init) secret_init "$@" ;;
  106. ls) secret_list "$@" ;;
  107. tree) secret_tree "$@" ;;
  108. read) secret_read "$@" ;;
  109. write) secret_write "$@" ;;
  110. edit) secret_edit "$@" ;;
  111. dmenu) secret_dmenu_read "$@" ;;
  112. ls-oath) secret_list_oath "$@" ;;
  113. read-oath) secret_read_oath "$@" ;;
  114. dmenu-oath) secret_dmenu_oath "$@" ;;
  115. *) secret_usage "$@" ;;
  116. esac