summaryrefslogtreecommitdiff
path: root/utils/secret.ts
diff options
context:
space:
mode:
Diffstat (limited to 'utils/secret.ts')
-rw-r--r--utils/secret.ts46
1 files changed, 46 insertions, 0 deletions
diff --git a/utils/secret.ts b/utils/secret.ts
new file mode 100644
index 0000000..9847aa6
--- /dev/null
+++ b/utils/secret.ts
@@ -0,0 +1,46 @@
+import { getRequiredEnv, getStdout } from "./mod.ts";
+
+export class BitwardenSession {
+ private readonly sessionInitializer: Promise<string>;
+
+ constructor(server = getRequiredEnv("BW_SERVER")) {
+ ["BW_CLIENTID", "BW_CLIENTSECRET"].forEach(getRequiredEnv);
+
+ this.sessionInitializer = getStdout(
+ `bw config server ${server} --quiet`,
+ ).then(() => getStdout(`bw login --apikey --quiet`))
+ .then(() => getStdout(`bw unlock --passwordenv BW_PASSWORD --raw`))
+ .then((session) => session.trim());
+ }
+
+ public async getItem<T extends LoginItem | SecureNote>(
+ secretName: string,
+ ): Promise<T | undefined> {
+ return await this.sessionInitializer.then((session) =>
+ getStdout(`bw list items`, {
+ env: {
+ BW_SESSION: session,
+ },
+ })
+ ).then((items) => JSON.parse(items)).then((items) =>
+ items.find(({ name }: { name: string }) => name === secretName)
+ );
+ }
+
+ async close(): Promise<void> {
+ return await this.sessionInitializer.then((session) =>
+ getStdout(`bw lock`, { env: { BW_SESSION: session } })
+ ).then(() => {});
+ }
+}
+
+export type LoginItem = {
+ login: {
+ username: string;
+ password: string;
+ };
+};
+
+export type SecureNote = {
+ notes: string;
+};
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-22 19:41:51 +0000