Support a different store with SECRET_STORE

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
This commit is contained in:
Adrien Gallouët 2020-04-26 08:30:22 +00:00
parent 11625a500a
commit 961608c6d7
2 changed files with 22 additions and 13 deletions


@ -46,13 +46,17 @@ Completion for secrets is only available in a trusted shell. See below.
| change KEY | Change an existing secret. | | change KEY | Change an existing secret. |
| agent CMD [ARG]... | Run a process in a trusted zone. Typically a shell. | | agent CMD [ARG]... | Run a process in a trusted zone. Typically a shell. |
You can use a different store using the `SECRET_STORE` environment variable:
$ env SECRET_STORE=<FILE> secret ...
## Examples ## Examples
Initialize secret for the current user: Initialize secret for the current user:
$ secret init $ secret init
Add a new generated secret: Add a new randomly generated secret:
$ secret add test $ secret add test
Password: Password:
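Review bot: The new `SECRET_STORE` paragraph does not state the default or the precedence. Say that the store is `$HOME/.secret` when the variable is unset and that `SECRET_STORE` is used when both are set, since that is the order `s_set_path` tries them in. It is also worth saying that `<FILE>` is taken as the full path of the store file itself, not a directory, because the code formats it with a bare `"%s"`.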
@ -70,12 +74,7 @@ Start `bash` in a trusted zone:
$ secret agent bash $ secret agent bash
Password: Password:
Now you can play with your little secrets, but only in this shell: Now, the passphrase is not requested and completion fully works!
$ ./secret show test
9{6u0ue>5&W2+z#OR:`X<@-#
Note that passphrase was not required.
--- ---
For feature requests and bug reports, For feature requests and bug reports,
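Review bot: The replacement sentence after `secret agent bash` drops "but only in this shell", which was the only statement in this section of how far the trusted zone reaches; keep that scoping in the new wording, for example "Now, in this shell only, the passphrase is not requested and completion fully works!". Removing the `./secret show test` lines also leaves the claim with nothing demonstrating it; keeping the command without its sample output would preserve the demonstration without printing a password-like value in the README.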


@ -19,6 +19,7 @@
#define S_COUNT(x) (sizeof(x) / sizeof((x)[0])) #define S_COUNT(x) (sizeof(x) / sizeof((x)[0]))
#define S_ENV_AGENT "SECRET_AGENT" #define S_ENV_AGENT "SECRET_AGENT"
#define S_ENV_STORE "SECRET_STORE"
struct { struct {
char path[1024]; char path[1024];
@ -544,15 +545,24 @@ s_set_signals(void)
static void static void
s_set_path(void) s_set_path(void)
{ {
char *home = getenv("HOME"); struct {
const char *fmt, *env;
} path[] = {
{"%s", getenv(S_ENV_STORE)},
{"%s/.secret", getenv("HOME")},
};
if (!home) for (size_t i = 0; i < S_COUNT(path); i++) {
s_fatal("$HOME less"); if (!path[i].env)
continue;
int ret = snprintf(s.path, sizeof(s.path), "%s/.secret", home); int ret = snprintf(s.path, sizeof(s.path), path[i].fmt, path[i].env);
if (ret <= 0 || (size_t)ret >= sizeof(s.path)) if (ret <= 0 || (size_t)ret >= sizeof(s.path))
s_fatal("Maybe your $HOME is too big..."); s_fatal("Invalid path... Check $HOME or $" S_ENV_STORE);
break;
}
} }
int int
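Review bot: In the new loop in `s_set_path`, the case where neither `SECRET_STORE` nor `HOME` is set is no longer an error: both entries are skipped by `continue`, the loop ends, and `s.path` is left as it was, whereas the removed code called `s_fatal("$HOME less")`. Record whether an entry was used and call `s_fatal` after the loop when none was. Separately, an empty `SECRET_STORE` makes `snprintf` return 0 and reaches the "Invalid path" fatal instead of falling back to `$HOME/.secret`; if that is intended, document it, otherwise also skip entries where `path[i].env[0]` is `'\0'`.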