Author: Paolo Lulli <paolo@lulli.net>
Features OK
nyckel | 166 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/nyckel b/nyckel new file mode 100755 index 0000000000000000000000000000000000000000..ea7c8c69f280cbfaf2dc826338ada366187aa56b --- /dev/null +++ b/nyckel @@ -0,0 +1,166 @@ +#! /bin/bash + +# Nyckel (nyckel) is Copyright (C) 2026 Paolo Lulli, Kevwe Technology AB +# +# This file is part of nyckel. +# +# nyckel is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, version 3. +# +# nyckel is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# + + +SECRETS_DIR=$HOME/.config/nyckel-secrets +CONFIG_DIR=$HOME/.config/nyckel +GLOBAL_CONFIG=${CONFIG_DIR}/config + +DEPENDENCIES="keepassxc-cli" + +test -d $CONFIG_DIR || mkdir -p $CONFIG_DIR + + +dependencies_check() +{ + for d in $DEPENDENCIES; do + CHK=$(which $d) + if [ "$CHK" = "" ]; then + echo "missing deps: [$d]"; + exit 1 + fi + done +} + + +create_profile(){ + echo "SETUP PROFILE" + profile_name=$1 + test -d $CONFIG_DIR/$profile_name && echo "Profile [${profile_name}] exists, exiting." + test -d $CONFIG_DIR/$profile_name && exit 1 + mkdir -p $SECRETS_DIR/$profile_name + mkdir -p $CONFIG_DIR/$profile_name + cat <<__EOL__ > $CONFIG_DIR/$profile_name/config +KEEPASS_KEY="" +KEEPASS_FILE="$SECRETS_DIR/$profile_name/key-$profile_name.keyx" +KEEPASS_DB="$CONFIG_DIR/$profile_name/$profile_name.kdbx" +INTERACTIVE=false +__EOL__ + +source "$CONFIG_DIR/$profile_name/config" +keepassxc-cli db-create --set-key-file ${KEEPASS_FILE} ${KEEPASS_DB} +} + +list_secrets(){ + profile=$1 + source "$CONFIG_DIR/$profile/config" + + echo "Secrets in profile: [${profile}]" + echo "--------" + keepassxc-cli ls --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} +} + +add_secret(){ + profile=$1 + entry=$2 + source "$CONFIG_DIR/$profile/config" + + #echo "Secret Name" + #read entry + + echo "Username" + read entry_user + + keepassxc-cli add --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} ${entry} --password-prompt +} + +show_secret(){ + profile=$1 + entry=$2 + source "$CONFIG_DIR/$profile/config" + + keepassxc-cli show -s --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry} +} + +clip_secret(){ + profile=$1 + entry=$2 + source "$CONFIG_DIR/$profile/config" + keepassxc-cli clip --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry} +} + + +list_profiles(){ + echo "Profiles" + echo "--------" + for i in $(ls $CONFIG_DIR | sed -e s/config//); do echo ${i}; done +} + +usage(){ + program=$(basename $0) + echo "${program} -C <profile> : Create db <profile>" + echo "${program} -L : List profiles" + echo "${program} <profile> -l : List keys in db <profile>" + echo "${program} <profile> -W <secret> : Write <secret> into <profile> db" + echo "${program} <profile> -s <secret> : Show <secret> from <profile> db" + echo "${program} <profile> -c <secret> : Copy to clipboard <secret> from <profile> db" +} + + +dependencies_check + +if [ "$#" -gt 3 ]; then + usage + exit +fi +if [ "$#" -eq 0 ]; then + usage + exit +fi + +if [ "$#" -eq 1 ]; then + if [ "$1" == "-L" ]; then + list_profiles + exit + fi + usage +fi + +if [ "$#" -eq 2 ]; then + profile=$1 + if [ "$1" == "-C" ]; then + profile=$2 + create_profile "${profile}" + exit + fi + if [ "$2" == "-l" ]; then + list_secrets "${profile}" + exit + fi + + usage +fi + +if [ "$#" -eq 3 ]; then + profile_name=$1 + entryname=$3 + if [ "$2" == "-W" ]; then + add_secret "${profile_name}" "${entryname}" + exit + fi + + if [ "$2" == "-s" ]; then + show_secret "${profile_name}" "${entryname}" + exit + fi + + if [ "$2" == "-c" ]; then + clip_secret "${profile_name}" "${entryname}" + exit + fi + + usage +fi