#!/bin/bash


# Parse input arguments
while [[ $# -gt 0 ]]; do
    case "$1" in
        --vault-id)
            VAULT_ID="$2"
            shift 2
            ;;
        *)
            echo "Usage: $0 --vault-id <vault id>" >&2
            exit 1
            ;;
    esac
done

# Validate vault ID
if [[ -z "$VAULT_ID" ]]; then
    echo "Error: Missing required --vault-id argument" >&2
    exit 1
fi

ITEM_NAME="${VAULT_ID} vault key"
FIELD_NAME="password"

# Fetch the vault password from 1Password
VAULT_PASSWORD=$(op item get "$ITEM_NAME" --fields "$FIELD_NAME" --format=json  --vault LabSecrets 2>/dev/null | jq -r '.value')

# Output the password or report error
if [[ -n "$VAULT_PASSWORD" && "$VAULT_PASSWORD" != "null" ]]; then
    echo "$VAULT_PASSWORD"
else
    echo "Error: Could not retrieve vault password for vault ID '$VAULT_ID' (item: '$ITEM_NAME')" >&2
    exit 1
fi