From 78d6aa847c5d438a6554d11c85d00720c745a4ba Mon Sep 17 00:00:00 2001
From: Mastermindzh <info@rickvanlieshout.com>
Date: Sun, 19 Mar 2023 22:18:02 +0100
Subject: [PATCH] feat: added the ability to change the openssl encryption
 password

---
 README.md    | 1 +
 export.sh    | 9 +++++++--
 package.json | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 3d1c519..5594112 100644
--- a/README.md
+++ b/README.md
@@ -51,3 +51,4 @@ The list below outlines most of them:
 | BW_FOLDER_STRUCTURE | `Y/%m`                                   | Date/timestamp to generate folders                             |
 | BW_PASSWORD_ENCODE  | `base64`                                 | "plain", or "base64", depending on whether you encoded BW_PASS |
 | BW_OPENSSL_OPTIONS  | `aes-256-cbc -pbkdf2 -iter 100000`       | Options passed to openssl's "enc" command                      |
+| BW_ENCRYPTION_PASS  | `$BW_PASS` (same value as BW_PASS)       | Password to encrypt the json file                              |
diff --git a/export.sh b/export.sh
index 403089c..1bdf2d8 100644
--- a/export.sh
+++ b/export.sh
@@ -19,10 +19,12 @@ BW_EXPORT_FOLDER=${BW_EXPORT_FOLDER:-"/export"}
 BW_FOLDER_STRUCTURE=${BW_FOLDER_STRUCTURE:-"+%Y/%m"}
 BW_PASSWORD_ENCODE=${BW_PASSWORD_ENCODE:-"base64"}
 BW_OPENSSL_OPTIONS=${BW_OPENSSL_OPTIONS:-"-aes-256-cbc -pbkdf2 -iter 100000"}
+BW_ENCRYPTION_PASS=${BW_ENCRYPTION_PASS:-"$BW_PASS"}
 
 # construct internal variables
 BW_INTERNAL_TIMESTAMP=$(date "$BW_TIMESTAMP")
 BW_INTERNAL_PASSWORD="$BW_PASS"
+BW_INTERNAL_ENCRYPTION_PASS="$BW_ENCRYPTION_PASS"
 BW_INTERNAL_FOLDER_STRUCTURE="$BW_EXPORT_FOLDER"
 BW_ENC_OUTPUT_FILE="$BW_FILENAME_PREFIX$BW_INTERNAL_TIMESTAMP.enc"
 if [ -n "$BW_FOLDER_STRUCTURE" ]; then
@@ -38,6 +40,7 @@ case $BW_PASSWORD_ENCODE in
 
 "base64")
     BW_INTERNAL_PASSWORD=$(echo "$BW_INTERNAL_PASSWORD" | base64 -d)
+    BW_INTERNAL_ENCRYPTION_PASS=$(echo "$BW_INTERNAL_ENCRYPTION_PASS" | base64 -d)
     ;;
 "none" | "plain")
     echo "using un-encoded password."
@@ -55,11 +58,13 @@ BW_SESSION=$(bw login "$BW_ACCOUNT" "$BW_INTERNAL_PASSWORD" --raw)
 # commands
 echo "Exporting to \"$BW_ENC_OUTPUT_FILE\""
 echo "$BW_ENCRYPTION_PASSWORD"
-bw --raw --session "$BW_SESSION" export --format json | openssl enc $BW_OPENSSL_OPTIONS -k "$BW_INTERNAL_PASSWORD" -out "$BW_ENC_OUTPUT_FILE"
+bw --raw --session "$BW_SESSION" export --format json | openssl enc $BW_OPENSSL_OPTIONS -k "$BW_INTERNAL_ENCRYPTION_PASS" -out "$BW_ENC_OUTPUT_FILE"
 bw_logout
 
 # make sure none of these are available later
 unset BW_SESSION
-unset BW_PASS
 unset BW_ACCOUNT
+unset BW_PASS
 unset BW_INTERNAL_PASSWORD
+unset BW_ENCRYPTION_PASS
+unset BW_INTERNAL_ENCRYPTION_PASS
diff --git a/package.json b/package.json
index ce7b05e..9cecc18 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "bw-export",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "bw-export is a simple bash script that exports a raw, encrypted JSON copy of your Bitwarden vault.",
   "main": "export.sh",
   "scripts": {