From 961608c6d7281e8e7030eacc5d5caa102c52d7e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrien=20Gallou=C3=ABt?= Date: Sun, 26 Apr 2020 08:30:22 +0000 Subject: [PATCH] Support a different store with SECRET_STORE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adrien Gallouët --- README.md | 13 ++++++------- secret.c | 22 ++++++++++++++++------ 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 28edb81..2778a75 100644 --- a/README.md +++ b/README.md @@ -46,13 +46,17 @@ Completion for secrets is only available in a trusted shell. See below. | change KEY | Change an existing secret. | | agent CMD [ARG]... | Run a process in a trusted zone. Typically a shell. | +You can use a different store using the `SECRET_STORE` environment variable: + + $ env SECRET_STORE= secret ... + ## Examples Initialize secret for the current user: $ secret init -Add a new generated secret: +Add a new randomly generated secret: $ secret add test Password: @@ -70,12 +74,7 @@ Start `bash` in a trusted zone: $ secret agent bash Password: -Now you can play with your little secrets, but only in this shell: - - $ ./secret show test - 9{6u0ue>5&W2+z#OR:`X<@-# - -Note that passphrase was not required. +Now, the passphrase is not requested and completion fully works! --- For feature requests and bug reports, diff --git a/secret.c b/secret.c index 89aa8d2..c4196ca 100644 --- a/secret.c +++ b/secret.c @@ -19,6 +19,7 @@ #define S_COUNT(x) (sizeof(x) / sizeof((x)[0])) #define S_ENV_AGENT "SECRET_AGENT" +#define S_ENV_STORE "SECRET_STORE" struct { char path[1024]; 
@@ -544,15 +545,24 @@ s_set_signals(void) static void s_set_path(void) { - char *home = getenv("HOME"); + struct { + const char *fmt, *env; + } path[] = { + {"%s", getenv(S_ENV_STORE)}, + {"%s/.secret", getenv("HOME")}, + }; - if (!home) - s_fatal("$HOME less"); + for (size_t i = 0; i < S_COUNT(path); i++) { + if (!path[i].env) + continue; - int ret = snprintf(s.path, sizeof(s.path), "%s/.secret", home); + int ret = snprintf(s.path, sizeof(s.path), path[i].fmt, path[i].env); - if (ret <= 0 || (size_t)ret >= sizeof(s.path)) - s_fatal("Maybe your $HOME is too big..."); + if (ret <= 0 || (size_t)ret >= sizeof(s.path)) + s_fatal("Invalid path... Check $HOME or $" S_ENV_STORE); + + break; + } } int
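Review bot: When neither `SECRET_STORE` nor `HOME` is set, the new loop in `s_set_path` skips both table entries and returns without writing `s.path` and without reporting an error, whereas the removed code stopped with `s_fatal("$HOME less")`. Execution would then continue with whatever `s.path` already holds (presumably an empty string, if `s` is a zero-initialised file-scope object), so the failure shows up later and less clearly. Replacing `break;` with `return;` and adding `s_fatal("Missing $HOME or $" S_ENV_STORE);` after the loop restores the fail-closed behaviour. A short comment above the table, such as `/* first entry whose variable is set wins; a set but empty or oversized value is fatal, with no fallback to $HOME */`, would also document the precedence, since an empty `SECRET_STORE` makes `snprintf` return 0 and takes the `ret <= 0` branch.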