mirror of
https://github.com/Mastermindzh/bw-export
synced 2024-11-23 07:13:51 +01:00
feat: added support for apikey authorization
This commit is contained in:
parent
5003ae16c3
commit
756c939d86
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,4 @@
|
|||||||
.docker-export
|
.docker-export
|
||||||
results
|
results
|
||||||
|
*.enc
|
||||||
|
.env
|
||||||
|
@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
|
|||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
## [1.2.0](https://hub.docker.com/r/mastermindzh/bw-export/tags)
|
||||||
|
|
||||||
|
- Added support for apikey authorization
|
||||||
|
- Skips 2 factor authentication
|
||||||
|
|
||||||
## [1.1.1]
|
## [1.1.1]
|
||||||
|
|
||||||
Cleaned up the export.sh script from extraneous documentation and a useless empty echo.
|
Cleaned up the export.sh script from extraneous documentation and a useless empty echo.
|
||||||
|
@ -2,11 +2,11 @@ FROM node:lts-slim
|
|||||||
|
|
||||||
# install openssl
|
# install openssl
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y --no-install-recommends openssl && \
|
apt-get install -y --no-install-recommends openssl expect && \
|
||||||
rm -rf /var/cache/apk/*
|
rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
# install bitwarden-cli
|
# install bitwarden-cli
|
||||||
RUN npm install -g @bitwarden/cli@2023.2.0
|
RUN npm install -g @bitwarden/cli
|
||||||
|
|
||||||
# add the export script
|
# add the export script
|
||||||
RUN mkdir -p /opt/bw-export
|
RUN mkdir -p /opt/bw-export
|
||||||
|
@ -42,7 +42,7 @@ You can tweak a lot of the internal workings of bw-export with simple environmen
|
|||||||
The list below outlines most of them:
|
The list below outlines most of them:
|
||||||
|
|
||||||
| Variable | Default value | Description |
|
| Variable | Default value | Description |
|
||||||
| ------------------- | ---------------------------------------- | -------------------------------------------------------------- |
|
| ------------------- | ----------------------------------------- | --------------------------------------------------------------------- |
|
||||||
| BW_ACCOUNT | `bitwarden_vault_test@mastermindzh.tech` | Bitwarden email address |
|
| BW_ACCOUNT | `bitwarden_vault_test@mastermindzh.tech` | Bitwarden email address |
|
||||||
| BW_PASS | `VGhpc0lzQVZhdWx0UGFzc3dvcmQK` | Bitwarden password |
|
| BW_PASS | `VGhpc0lzQVZhdWx0UGFzc3dvcmQK` | Bitwarden password |
|
||||||
| BW_FILENAME_PREFIX | `bitwarden_vault_export_` | Prefix to use for generated files ($prefix$timestamp.enc) |
|
| BW_FILENAME_PREFIX | `bitwarden_vault_export_` | Prefix to use for generated files ($prefix$timestamp.enc) |
|
||||||
@ -52,3 +52,6 @@ The list below outlines most of them:
|
|||||||
| BW_PASSWORD_ENCODE | `base64` | "plain", or "base64", depending on whether you encoded BW_PASS |
|
| BW_PASSWORD_ENCODE | `base64` | "plain", or "base64", depending on whether you encoded BW_PASS |
|
||||||
| BW_OPENSSL_OPTIONS | `aes-256-cbc -pbkdf2 -iter 100000` | Options passed to openssl's "enc" command |
|
| BW_OPENSSL_OPTIONS | `aes-256-cbc -pbkdf2 -iter 100000` | Options passed to openssl's "enc" command |
|
||||||
| BW_ENCRYPTION_PASS | `$BW_PASS` (same value as BW_PASS) | Password to encrypt the json file |
|
| BW_ENCRYPTION_PASS | `$BW_PASS` (same value as BW_PASS) | Password to encrypt the json file |
|
||||||
|
| BW_AUTH_METHOD | password | Whether to login with a password or apikey (apikey required for 2fa) |
|
||||||
|
| BW_CLIENT_ID | user.cc433b96-4767-432f-85a5-b11100d4faa6 | Bitwarden client id |
|
||||||
|
| BW_APIKEY | OG1LS3RSVzdXVWRZN25UWEgwdkdOUVMzV0QzVTZr | Bitwarden api key |
|
||||||
|
40
export.sh
40
export.sh
@ -9,8 +9,13 @@ bw_logout() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# environment variables
|
# environment variables
|
||||||
BW_ACCOUNT=${BW_ACCOUNT:-"bitwarden_vault_test@mastermindzh.tech"}
|
# BW_AUTH_METHOD=${BW_AUTH_METHOD:-"password"}
|
||||||
BW_PASS=${BW_PASS:-"VGhpc0lzQVZhdWx0UGFzc3dvcmQK"}
|
BW_AUTH_METHOD=${BW_AUTH_METHOD:-"apikey"}
|
||||||
|
BW_CLIENT_ID=${BW_CLIENT_ID:-"fake_client_id"}
|
||||||
|
BW_APIKEY=${BW_APIKEY:-"fake_apikey"}
|
||||||
|
|
||||||
|
BW_ACCOUNT=${BW_ACCOUNT:-"fake_account"}
|
||||||
|
BW_PASS=${BW_PASS:-"fake_password"}
|
||||||
BW_FILENAME_PREFIX=${BW_FILENAME_PREFIX:-"bitwarden_vault_export_"}
|
BW_FILENAME_PREFIX=${BW_FILENAME_PREFIX:-"bitwarden_vault_export_"}
|
||||||
BW_TIMESTAMP=${BW_TIMESTAMP:-"+%Y-%m-%d %H:%M:%S"}
|
BW_TIMESTAMP=${BW_TIMESTAMP:-"+%Y-%m-%d %H:%M:%S"}
|
||||||
BW_EXPORT_FOLDER=${BW_EXPORT_FOLDER:-"/export"}
|
BW_EXPORT_FOLDER=${BW_EXPORT_FOLDER:-"/export"}
|
||||||
@ -23,6 +28,7 @@ BW_ENCRYPTION_PASS=${BW_ENCRYPTION_PASS:-"$BW_PASS"}
|
|||||||
BW_INTERNAL_TIMESTAMP=$(date "$BW_TIMESTAMP")
|
BW_INTERNAL_TIMESTAMP=$(date "$BW_TIMESTAMP")
|
||||||
BW_INTERNAL_PASSWORD="$BW_PASS"
|
BW_INTERNAL_PASSWORD="$BW_PASS"
|
||||||
BW_INTERNAL_ENCRYPTION_PASS="$BW_ENCRYPTION_PASS"
|
BW_INTERNAL_ENCRYPTION_PASS="$BW_ENCRYPTION_PASS"
|
||||||
|
BW_INTERNAL_API_KEY="$BW_APIKEY"
|
||||||
BW_INTERNAL_FOLDER_STRUCTURE="$BW_EXPORT_FOLDER"
|
BW_INTERNAL_FOLDER_STRUCTURE="$BW_EXPORT_FOLDER"
|
||||||
BW_ENC_OUTPUT_FILE="$BW_FILENAME_PREFIX$BW_INTERNAL_TIMESTAMP.enc"
|
BW_ENC_OUTPUT_FILE="$BW_FILENAME_PREFIX$BW_INTERNAL_TIMESTAMP.enc"
|
||||||
if [ -n "$BW_FOLDER_STRUCTURE" ]; then
|
if [ -n "$BW_FOLDER_STRUCTURE" ]; then
|
||||||
@ -39,6 +45,7 @@ case $BW_PASSWORD_ENCODE in
|
|||||||
"base64")
|
"base64")
|
||||||
BW_INTERNAL_PASSWORD=$(echo "$BW_INTERNAL_PASSWORD" | base64 -d)
|
BW_INTERNAL_PASSWORD=$(echo "$BW_INTERNAL_PASSWORD" | base64 -d)
|
||||||
BW_INTERNAL_ENCRYPTION_PASS=$(echo "$BW_INTERNAL_ENCRYPTION_PASS" | base64 -d)
|
BW_INTERNAL_ENCRYPTION_PASS=$(echo "$BW_INTERNAL_ENCRYPTION_PASS" | base64 -d)
|
||||||
|
BW_INTERNAL_API_KEY=$(echo "$BW_INTERNAL_API_KEY" | base64 -d)
|
||||||
;;
|
;;
|
||||||
"none" | "plain")
|
"none" | "plain")
|
||||||
echo "using un-encoded password."
|
echo "using un-encoded password."
|
||||||
@ -51,7 +58,31 @@ case $BW_PASSWORD_ENCODE in
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
#login
|
#login
|
||||||
BW_SESSION=$(bw login "$BW_ACCOUNT" "$BW_INTERNAL_PASSWORD" --raw)
|
case $BW_AUTH_METHOD in
|
||||||
|
|
||||||
|
"password")
|
||||||
|
BW_SESSION=$(bw login "$BW_ACCOUNT" "$BW_INTERNAL_PASSWORD" --raw)
|
||||||
|
;;
|
||||||
|
"apikey")
|
||||||
|
|
||||||
|
export BW_CLIENT_ID=$BW_CLIENT_ID
|
||||||
|
export BW_INTERNAL_API_KEY=$BW_INTERNAL_API_KEY
|
||||||
|
expect >/dev/null <<'EOF'
|
||||||
|
spawn bw login --apikey
|
||||||
|
expect "client_id:"
|
||||||
|
send "$env(BW_CLIENT_ID)\n"
|
||||||
|
expect "client_secret:"
|
||||||
|
send "$env(BW_INTERNAL_API_KEY)\n"
|
||||||
|
expect eof
|
||||||
|
EOF
|
||||||
|
|
||||||
|
BW_SESSION=$(bw unlock --raw "$BW_INTERNAL_PASSWORD")
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "unrecognized authorization method."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# commands
|
# commands
|
||||||
echo "Exporting to \"$BW_ENC_OUTPUT_FILE\""
|
echo "Exporting to \"$BW_ENC_OUTPUT_FILE\""
|
||||||
@ -59,6 +90,9 @@ bw --raw --session "$BW_SESSION" export --format json | openssl enc $BW_OPENSSL_
|
|||||||
bw_logout
|
bw_logout
|
||||||
|
|
||||||
# make sure none of these are available later
|
# make sure none of these are available later
|
||||||
|
unset BW_CLIENT_ID
|
||||||
|
unset BW_APIKEY
|
||||||
|
unset BW_INTERNAL_API_KEY
|
||||||
unset BW_SESSION
|
unset BW_SESSION
|
||||||
unset BW_ACCOUNT
|
unset BW_ACCOUNT
|
||||||
unset BW_PASS
|
unset BW_PASS
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "bw-export",
|
"name": "bw-export",
|
||||||
"version": "1.1.1",
|
"version": "1.2.0",
|
||||||
"description": "bw-export is a simple bash script that exports a raw, encrypted JSON copy of your Bitwarden vault.",
|
"description": "bw-export is a simple bash script that exports a raw, encrypted JSON copy of your Bitwarden vault.",
|
||||||
"main": "export.sh",
|
"main": "export.sh",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"docker-build": "docker build -t bw-export .",
|
"start": "export $(cat .env | xargs) && bash export.sh",
|
||||||
|
"build": "docker build -t bw-export .",
|
||||||
|
"test": "docker run -v \"$PWD\":/export bw-export:latest",
|
||||||
"publish": "bash docker-publish.sh"
|
"publish": "bash docker-publish.sh"
|
||||||
},
|
},
|
||||||
"repository": {
|
"repository": {
|
||||||
|
Loading…
Reference in New Issue
Block a user