From 1d882620882ced33b286046d99ba1978615c7cca Mon Sep 17 00:00:00 2001
From: lablans
Date: Tue, 23 Jul 2024 10:27:49 +0000
Subject: [PATCH] Use rbw instead of official Bitwarden CLI
---
 Dockerfile | 15 +++++++++------
 entrypoint.sh | 25 ++++++++++++++++---------
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a4cd7eb..6dbccd8 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,13 @@
-FROM ubuntu AS builder
+FROM rust AS builder
-ADD https://vault.bitwarden.com/download/?app=cli&platform=linux /tmp/bw.zip
+RUN echo '[profile.release]\n\
+lto = true\n\
+codegen-units = 1\n\
+panic = "abort"\n\
+strip = true' > $CARGO_HOME/config.toml
-RUN apt-get update && apt-get -y install unzip && \
- unzip -d /usr/local/bin /tmp/bw.zip && \
- chmod +x /usr/local/bin/*
+RUN cargo install rbw && \
+ mv $CARGO_HOME/bin/rbw $CARGO_HOME/bin/rbw-agent /
 FROM ubuntu
@@ -12,7 +15,7 @@ RUN apt-get update && \
 apt-get -y install jq curl && \
 rm -rf /var/lib/apt/lists
-COPY --from=builder /usr/local/bin/bw /usr/local/bin/
+COPY --from=builder /rbw /rbw-agent /usr/local/bin/
 ADD *.sh /
diff --git a/entrypoint.sh b/entrypoint.sh
index 508fd46..59a2a85 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,18 +1,25 @@
 #!/bin/bash -e
-MAND_VARS="BW_MASTERPASS BW_CLIENTID BW_CLIENTSECRET BW_SERVER"
+MAND_VARS="BW_MASTERPASS BW_EMAIL BW_SERVER"
 source ./checkMandVars.sh
+export PIN=$(mktemp)
+
 bw_login() {
- bw config server ${BW_SERVER}
- bw login --apikey --raw
- read BW_SESSION < <(bw unlock --passwordenv BW_MASTERPASS --raw)
- export BW_SESSION
+ cat < ${PIN}
+#!/bin/sh
+
+echo "D ${BW_MASTERPASS}"
+EOF
+ chmod +x $PIN
+ rbw config set base_url ${BW_SERVER}
+ rbw config set email ${BW_EMAIL}
+ rbw config set pinentry ${PIN}
 }
 bw_logout(){
- bw logout --raw
+ rbw stop-agent
 }
 vault_sealstatus() {
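Review bot: `RUN cargo install rbw` in the builder stage takes whatever rbw release and dependency versions crates.io resolves at build time, so the binary that will handle the vault master password changes from build to build and cannot be checked against a known version. Pin both, e.g. `RUN cargo install --locked --version <RBW_VERSION> rbw && \` (placeholder version; `--locked` makes cargo use the Cargo.lock published with the crate). The same applies to `FROM rust AS builder`, which is untagged and therefore tracks `latest`; a specific tag or digest would make the toolchain reproducible as well. The `RUN echo '...\n\'` line also relies on `/bin/sh`'s `echo` expanding `\n`, which `printf` would not depend on.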
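Review bot: The pinentry script generated in `bw_login` stores the master password in plaintext on disk: the here-document ends at an unquoted `EOF` (its `<<EOF >` operator appears to have been lost in this rendering), so `${BW_MASTERPASS}` is expanded when the file is written, and the `mktemp` file is never removed because `bw_logout` only runs `rbw stop-agent`. Since the value lands inside double quotes in the generated script, a password containing `"`, `$`, a backtick or a backslash is re-interpreted by `/bin/sh` when the script runs, which at best yields the wrong password. The version below quotes the delimiter so the script reads the variable from its environment at run time, restricts the execute bit to the owner, and deletes the file on logout. It assumes rbw-agent passes its environment through to the pinentry program, which should be verified before merging.

```bash
bw_login() {
  # Quoted delimiter: nothing is expanded while the file is written, so the
  # script holds no secret and reads it from the environment when it runs.
  cat <<'EOF' > "${PIN}"
#!/bin/sh
printf 'D %s\n' "${BW_MASTERPASS}"
EOF
  chmod u+x "${PIN}"
  # … unchanged: rbw config set base_url / email / pinentry …
}

bw_logout(){
  rbw stop-agent
  rm -f "${PIN}"
}
```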
@@ -31,7 +38,7 @@ case "$1" in
 RESULT="\n"
 while (( "$#" )); do
- read PASS < <(bw get password $1)
+ read PASS < <(rbw get password $1)
 if [ -z "$PASS" ]; then
 echo "ERROR: Password $1 not found in vault. Exiting ..."
 exit 1
@@ -49,7 +56,7 @@ case "$1" in
 shift
 bw_login
 echo "Getting unseal key ..."
- read UNSEAL_KEY < <(bw get password "Vault Unseal Key")
+ read UNSEAL_KEY < <(rbw get "Vault Unseal Key")
 echo "Got unseal key."
 bw_logout
@@ -90,7 +97,7 @@ case "$1" in
 fi
 echo "Vault is unlocked. This container will stay active to keep the stack from quitting."
- sleep infinity
+ exec sleep infinity
 ;;
 *)
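Review bot: The new `rbw get password $1` keeps the `password` word from the old `bw` syntax, while the unseal-key hunk below drops it (`rbw get "Vault Unseal Key"`); as far as I know rbw's form is `rbw get <name> [user]`, so here `password` would be taken as the entry name and `$1` as the user, and the lookup would miss the intended entry. `$1` is also unquoted, so an entry name containing spaces is split into several arguments, and `read` without `-r` strips backslashes and surrounding whitespace from the secret. Suggested line: `IFS= read -r PASS < <(rbw get "$1")`; the `read UNSEAL_KEY` line in the `-49,7` hunk needs the same `IFS= read -r`. The enclosing `case` branch starts and ends outside the hunk.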