[bitwarden] ability to fetch all fields from an item
Sometimes a project has a lot of secrets (more than 10), and it's
cumbersome to write $(kamal secrets fetch ...) with a lot of field
names.

I want to be able to just fetch all the fields from a given item
 and then just use these with $(kamal extract NAME)
honzasterba committed Oct 5, 2024
1 parent 4b2c9cd commit 1d4a804
Showing 2 changed files with 29 additions and 8 deletions.
20 changes: 13 additions & 7 deletions lib/kamal/secrets/adapters/bitwarden.rb
Expand Up @@ -27,23 +27,29 @@ def fetch_secrets(secrets, account:, session:)
item_json = run_command("get item #{item.shellescape}", session: session, raw: true)
raise RuntimeError, "Could not read #{secret} from Bitwarden" unless $?.success?
item_json = JSON.parse(item_json)

if fields.any?
fields.each do |field|
item_field = item_json["fields"].find { |f| f["name"] == field }
raise RuntimeError, "Could not find field #{field} in item #{item} in Bitwarden" unless item_field
value = item_field["value"]
results["#{item}/#{field}"] = value
end
fetch_secrets_from_fields fields, item, item_json, results
elsif item_json.dig("login", "password")
results[item] = item_json.dig("login", "password")
elsif item_json["fields"].any?
fields = item_json["fields"].pluck("name")
fetch_secrets_from_fields fields, item, item_json, results
else
raise RuntimeError, "Item #{item} is not a login type item and no fields were specified"
end
end
end
end

def fetch_secrets_from_fields(fields, item, item_json, results)
fields.each do |field|
item_field = item_json["fields"].find { |f| f["name"] == field }
raise RuntimeError, "Could not find field #{field} in item #{item} in Bitwarden" unless item_field
value = item_field["value"]
results["#{item}/#{field}"] = value
end
end

def items_fields(secrets)
{}.tap do |items|
secrets.each do |secret|
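Review bot: The new `elsif item_json["fields"].any?` branch calls `.any?` on a value that may be nil; if the Bitwarden CLI leaves out the `fields` key for an item without custom fields (not verifiable from this page), the call raises NoMethodError and the intended "is not a login type item and no fields were specified" error is never reached. Writing it as `elsif item_json["fields"]&.any?` keeps the fallthrough to the `else` branch. The branch order also means that an item with both a login password and custom fields still returns only the password, while a bare item reference without a password now exports every custom field on the item under `item/field` keys; a comment above the `if` stating both would help operators keep unrelated secrets out of items fetched this way. `fetch_secrets` starts above the visible lines.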
17 changes: 16 additions & 1 deletion test/secrets/bitwarden_adapter_test.rb
Expand Up @@ -38,6 +38,20 @@ class BitwardenAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json
end

test "fetch all with from" do
stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_myitem

json = JSON.parse(shellunescape(run_command("fetch", "--from", "myitem")))

expected_json = {
"myitem/field1"=>"secret1", "myitem/field2"=>"blam", "myitem/field3"=>"fewgrwjgk", "myitem/field4"=>"auto"
}

assert_equal expected_json, json
end

test "fetch with multiple items" do
stub_unlocked

Expand Down Expand Up @@ -237,7 +251,8 @@ def stub_myitem
"fields":[
{"name":"field1","value":"secret1","type":1,"linkedId":null},
{"name":"field2","value":"blam","type":1,"linkedId":null},
{"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null}
{"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null},
{"name":"field4","value":"auto","type":1,"linkedId":null}
],
"login":{"fido2Credentials":[],"uris":[],"username":null,"password":null,"totp":null,"passwordRevisionDate":null},"collectionIds":[]
}
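Review bot: The added "fetch all with from" test only covers an item whose login password is null and whose `fields` array is populated, so the other outcomes of the new branch are unpinned. A case with a stubbed item that has an empty or absent `fields` entry should assert the "is not a login type item and no fields were specified" error, and a case with both a password and fields should assert that only the `myitem` key is returned. `stub_myitem` is shared with the existing tests and begins outside the visible lines, so these cases would need their own stubs.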