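#!/bin/bash
#
# Print the password for a named vault ID, read from the 1Password item
# "<vault id> vault key" (field "password") in the "LabSecrets" vault.
# NOTE(review): the --vault-id interface looks like the Ansible vault
# client-script convention; confirm against the caller.
#
# Usage: <script> --vault-id <vault id>
#
# Exit status:
#   0  password written to stdout, OR lookup skipped with no output
#      (vault ID "default", `op` not installed, no 1Password credentials seen)
#   1  bad arguments, or the item/field could not be read
#
# The secret goes to stdout only; all diagnostics go to stderr. Do not run
# this under `set -x`: the trace would include the password assignment.

# Parse input arguments.
# VAULT_ID is not reset first, so a value inherited from the environment is
# used when --vault-id is not passed.
while [[ $# -gt 0 ]]; do
  case "$1" in
    --vault-id)
      # Require a value. With a single argument left, `shift 2` fails without
      # shifting anything and this loop would never terminate.
      if [[ $# -lt 2 ]]; then
        echo "Usage: $0 --vault-id <vault id>" >&2
        exit 1
      fi
      VAULT_ID="$2"
      shift 2
      ;;
    *)
      echo "Usage: $0 --vault-id <vault id>" >&2
      exit 1
      ;;
  esac
done

# Validate vault ID
if [[ -z "$VAULT_ID" ]]; then
  echo "Error: Missing required --vault-id argument" >&2
  exit 1
fi

# Skip silently for the default vault ID (no named vault to look up)
if [[ "$VAULT_ID" == "default" ]]; then
  exit 0
fi

ITEM_NAME="${VAULT_ID} vault key"
FIELD_NAME="password"

# Skip silently if 1Password is not available or not authenticated.
# Both skips exit 0 with empty stdout, so the caller cannot tell a skip from
# an empty password by exit status alone.
if ! command -v op &>/dev/null; then
  exit 0
fi

# "Authenticated" here means: a service-account token, a Connect host, or a
# socket at ~/.1password/agent.sock is present. Nothing is verified with the
# 1Password service at this point.
if [[ -z "$OP_SERVICE_ACCOUNT_TOKEN" && -z "$OP_CONNECT_HOST" && ! -S "${HOME}/.1password/agent.sock" ]]; then
  exit 0
fi

# Fetch the vault password from 1Password.
# op's stderr is discarded, so an expired session, a missing item or a missing
# field all surface only as the generic error below. The pipeline's status is
# jq's, not op's; failure is detected from the empty/"null" result instead.
VAULT_PASSWORD=$(
  op item get "$ITEM_NAME" --fields "$FIELD_NAME" --format=json --vault LabSecrets 2>/dev/null \
    | jq -r '.value'
)

# Output the password or report error
if [[ -n "$VAULT_PASSWORD" && "$VAULT_PASSWORD" != "null" ]]; then
  # printf rather than echo: echo would treat a password such as "-n" or "-e"
  # as an option and print nothing (or a mangled value).
  printf '%s\n' "$VAULT_PASSWORD"
else
  echo "Error: Could not retrieve vault password for vault ID '$VAULT_ID' (item: '$ITEM_NAME')" >&2
  exit 1
fi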