utils/secret.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

import { getRequiredEnv, getStdout } from "./mod.ts";

export class BitwardenSession {
  private readonly sessionInitializer: Promise<string>;

  constructor(server = getRequiredEnv("BW_SERVER")) {
    ["BW_CLIENTID", "BW_CLIENTSECRET"].forEach(getRequiredEnv);

    this.sessionInitializer = getStdout(
      `bw config server ${server} --quiet`,
    ).then(() => getStdout(`bw login --apikey --quiet`))
      .then(() => getStdout(`bw unlock --passwordenv BW_PASSWORD --raw`))
      .then((session) => session.trim());
  }

  public async getItem<T extends LoginItem | SecureNote>(
    secretName: string,
  ): Promise<T | undefined> {
    return await this.sessionInitializer.then((session) =>
      getStdout(`bw list items`, {
        env: {
          BW_SESSION: session,
        },
      })
    ).then((items) => JSON.parse(items)).then((items) =>
      items.find(({ name }: { name: string }) => name === secretName)
    );
  }

  async close(): Promise<void> {
    return await this.sessionInitializer.then((session) =>
      getStdout(`bw lock`, { env: { BW_SESSION: session } })
    ).then(() => {});
  }
}

export type LoginItem = {
  login: {
    username: string;
    password: string;
  };
};

export type SecureNote = {
  notes: string;
};