Merge pull request #6 from samply/use-rbw

Use rbw instead of official Bitwarden CLI
samply · Jul 23, 2024 · 24f501f · 24f501f
2 parents 2c51dbf + 1d88262
commit 24f501f
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,21 @@
-FROM ubuntu AS builder
+FROM rust AS builder
 
-ADD https://vault.bitwarden.com/download/?app=cli&platform=linux /tmp/bw.zip
+RUN echo '[profile.release]\n\
+lto = true\n\
+codegen-units = 1\n\
+panic = "abort"\n\
+strip = true' > $CARGO_HOME/config.toml
 
-RUN apt-get update && apt-get -y install unzip && \
-    unzip -d /usr/local/bin /tmp/bw.zip && \
-    chmod +x /usr/local/bin/*
+RUN cargo install rbw && \
+    mv $CARGO_HOME/bin/rbw $CARGO_HOME/bin/rbw-agent /
 
 FROM ubuntu
 
 RUN apt-get update && \
     apt-get -y install jq curl && \
     rm -rf /var/lib/apt/lists
 
-COPY --from=builder /usr/local/bin/bw /usr/local/bin/
+COPY --from=builder /rbw /rbw-agent /usr/local/bin/
 
 ADD *.sh /
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,18 +1,25 @@
 #!/bin/bash -e
 
-MAND_VARS="BW_MASTERPASS BW_CLIENTID BW_CLIENTSECRET BW_SERVER"
+MAND_VARS="BW_MASTERPASS BW_EMAIL BW_SERVER"
 
 source ./checkMandVars.sh
 
+export PIN=$(mktemp)
+
 bw_login() {
-	bw config server ${BW_SERVER}
-	bw login --apikey --raw
-	read BW_SESSION < <(bw unlock --passwordenv BW_MASTERPASS --raw)
-	export BW_SESSION
+	cat <<EOF > ${PIN}
+#!/bin/sh
+
+echo "D ${BW_MASTERPASS}"
+EOF
+	chmod +x $PIN
+	rbw config set base_url ${BW_SERVER}
+	rbw config set email ${BW_EMAIL}
+	rbw config set pinentry ${PIN}
 }
 
 bw_logout(){
-	bw logout --raw
+	rbw stop-agent
 }
 
 vault_sealstatus() {
@@ -31,7 +38,7 @@ case "$1" in
 		RESULT="\n"
 
 		while (( "$#" )); do
-			read PASS < <(bw get password $1)
+			read PASS < <(rbw get password $1)
 			if [ -z "$PASS" ]; then
 				echo "ERROR: Password $1 not found in vault. Exiting ..."
 				exit 1
@@ -49,7 +56,7 @@ case "$1" in
 		shift
 		bw_login
 		echo "Getting unseal key ..."
-		read UNSEAL_KEY < <(bw get password "Vault Unseal Key")
+		read UNSEAL_KEY < <(rbw get "Vault Unseal Key")
 		echo "Got unseal key."
 		bw_logout
 
@@ -90,7 +97,7 @@ case "$1" in
 		fi
 
 		echo "Vault is unlocked. This container will stay active to keep the stack from quitting."
-		sleep infinity
+		exec sleep infinity
 		;;
 
 	*)