From e5cafc772c504e908d32f06a057b9d2fb85a6daf Mon Sep 17 00:00:00 2001
From: Andrew Best <40222285+ausfestivus@users.noreply.github.com>
Date: Fri, 20 Mar 2020 10:54:39 +1100
Subject: [PATCH] initial commit
---
.import_envvars.sh | 65 +++++++++++++++++++++++++++++++++++++++++++++
README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 130 insertions(+), 1 deletion(-)
create mode 100755 .import_envvars.sh
diff --git a/.import_envvars.sh b/.import_envvars.sh
new file mode 100755
index 0000000..f3cc848
--- /dev/null
+++ b/.import_envvars.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+TENANT_ID="XXXXXXXX"
+
+# Login to 1Password.
+# Assumes you have installed the OP CLI and performed the initial configuration
+# For more details see https://support.1password.com/command-line-getting-started/
+eval "$(op signin ${TENANT_ID})"
+
+# put our search string into a var
+string="${1}"
+
+# build a filter we can use to output our list of items that match.
+#filter=".[] | .overview.title as \$t | select(\$t | index(\"${string}\")) | [\$t, .uuid] | @csv"
+filter=".[] | .overview.title as \$t | select(\$t | index(\"${string}\")) | [\$t, .uuid] | @csv"
+
+# create our empty associative array.
+declare -A myitems
+
+# prepare to read in in our key and value pairs from the op output
+while IFS="," read -r key value
+do
+ # now we need to lose the preceding and trailing double-quotes (") from our VARs
+ key="${key%\"}"
+ key="${key#\"}"
+
+ value="${value%\"}"
+ value="${value#\"}"
+ myitems[$key]="$value"
+done < <(op list items | jq -r -c "${filter}")
+
+# DEBUG display the list of entries we stored in the array
+#echo ""
+#echo "[DEBUG] - Step through associative array elements and display them."
+#for key in "${!myitems[@]}"
+#do
+# echo "[DEBUG] - \"$key\" = \"${myitems[$key]}\""
+#done
+#echo ""
+
+# now we create and present the operator with a list of choices to select the env var they're wanting.
+echo "Please select an entry:"
+select key in "${!myitems[@]}"; do
+ [[ -n ${key} ]] || { echo "Invalid choice. Please try again." >&2; continue; }
+ break # valid choice was made; exit prompt.
+done
+
+# uncomment if debugging.
+#echo ""
+#echo "[DEBUG] - The following item was selected."
+#echo "[DEBUG] - title: [$key]; uuid: [${myitems[$key]}]"
+#echo ""
+
+# Now that the ops has selected the record we're interested in, lets pull the item
+ev=`op get item ${myitems[$key]}`
+
+# Convert to base64 for multi-line secrets.
+# The schema for the 1Password type 'Password' uses t as the label, and v as the value.
+for row in $(echo ${ev} | jq -r -c '.details.sections[1].fields[] | @base64'); do
+ _envvars() {
+ echo ${row} | base64 --decode | jq -r ${1}
+ }
+ echo "Setting environment variable $(_envvars '.t')"
+ export $(echo "$(_envvars '.t')=$(_envvars '.v')")
+done
diff --git a/README.md b/README.md
index db8875d..616605a 100644
--- a/README.md
+++ b/README.md
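Review bot: The last loop passes the decoded secret values through unquoted expansions: `export $(echo "$(_envvars '.t')=$(_envvars '.v')")` is word-split and glob-expanded, so a value containing a space, `*` or a newline is exported truncated and the leftover words reach `export` as extra arguments, and `echo ${ev}` does the same to the whole item JSON. Since the README in this patch shows the script being sourced, `ev` (the full item, secrets included) and `row` also remain set in the interactive shell afterwards. I would quote every expansion, check that the label is a valid variable name before `export "${name}=${value}"`, and unset the temporaries, as in the rewrite below. Separately, the `filter=` line splices the search string into the jq program text; passing it as `jq --arg s "${string}"` and matching with `index($s)` would keep a title containing a double quote from breaking the filter.

```shell
# … unchanged: signin, search filter, item selection …
ev=$(op get item "${myitems[$key]}")

while IFS= read -r row; do
  name=$(printf '%s' "${row}" | base64 --decode | jq -r '.t')
  value=$(printf '%s' "${row}" | base64 --decode | jq -r '.v')
  # Only export labels that are valid shell identifiers.
  if [[ ! ${name} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    echo "Skipping field with invalid variable name" >&2
    continue
  fi
  echo "Setting environment variable ${name}"
  export "${name}=${value}"
done < <(printf '%s' "${ev}" | jq -r -c '.details.sections[1].fields[] | @base64')

# The script is sourced: do not leave the item JSON in the caller's shell.
unset ev row name value
```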
@@ -1,2 +1,66 @@
 # 1password-env-vars
-A small Bash script that will help you use 1password data to manage your Cloud provider CLI credentials
+
+A Bash script that will help you use 1password data to manage your Cloud provider CLI credentials.
+
+---
+
+First up, HT and thanks to [Grant Orchard](https://github.com/grantorchard) & [Anthony Burke](https://github.com/pandom). Grant because he wrote [this thing here](https://grantorchard.com/securing-environment-variables-with-1password/) which I was able to use to give me a head-start making this thing. Anthony because he introduced me to Grant's widget.
+
+I've had a task in my personal project queue for a long time to write something like this. I was sick of having to manually key in my Cloud CLI credentials and chop and change them as I moved between various Cloud Platforms and tenancies.
+
+---
+
+## introduction
+
+This script will accept a search string (enclosed in double-quotes) and list matching entries in your selected 1password vault.
+
+```bash
+😀 abest@BARMIX2:~ $ source ./.import_envvars.sh "Env Vars"
+Enter the password for XXXX@XXXX.XXXX at XXXXXXXX.1password.com:
+Please select an entry:
+1) Env Vars - AWS - Example
+2) Env Vars - AWS - NAME0 - ENV
+3) Env Vars - Azure - Company.com - Dev - SP
+#?
+```
+
+You can then select the entry you want to insert the credentials for into your current CLI session.
+
+```bash
+😀 abest@BARMIX2:~ $ source ./.import_envvars.sh "Env Vars"
+Enter the password for XXXX@XXXX.XXXX at XXXXXXXX.1password.com:
+Please select an entry:
+1) Env Vars - AWS - Example
+2) Env Vars - AWS - NAME0 - ENV
+3) Env Vars - Azure - Company.com - Dev - SP
+#? 2
+Setting environment variable VAULT_ADDR
+Setting environment variable AWS_REGION
+Setting environment variable AWS_ACCESS_KEY_ID
+Setting environment variable AWS_SECRET_ACCESS_KEY
+```
+
+## requirements
+
+* You need a [1password](https://1password.com/) account.
+* You need the [1password CLI](https://support.1password.com/command-line-getting-started/) installed and configured.
+* A bash shell that supports Associate Arrays. Bash v4 and newer iirc.
+
+## setup
+
+* satisfy the requirements
+* grab the bash script
+* modify the `TENANT_ID` variable and enter your 1password tenant name.
+* make sure the script is executable `chmod 700 .import_envvars.sh`
+
+## usage
+
+* see the example in the intro
+* have a look at Grant's page for some information about the formatting and contents of the 1password item.
+
+## caveats
+
+* No warranties
+* Dont come to me if it blows up your stuff
+* Take it as is
+* be kind
\ No newline at end of file