keys-admin.git

ref: 26a2623bd705bdb9a4c75871bea86494daf5c4cc

./nyckel

#! /bin/bash

# Nyckel (nyckel) is Copyright (C) 2026 Paolo Lulli, Kevwe Technology AB
#
# This file is part of nyckel.
#
# nyckel is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# nyckel is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#


SECRETS_DIR=$HOME/.config/nyckel-secrets
CONFIG_DIR=$HOME/.config/nyckel
GLOBAL_CONFIG=${CONFIG_DIR}/config

DEPENDENCIES="keepassxc-cli"

test -d $CONFIG_DIR || mkdir -p $CONFIG_DIR


dependencies_check()
{
  for d in $DEPENDENCIES; do
    CHK=$(which $d)
    if [ "$CHK" = "" ]; then
      echo "missing deps: [$d]";
      exit 1
    fi
  done
}


create_profile(){
  echo "SETUP PROFILE"
  profile_name=$1
  test -d $CONFIG_DIR/$profile_name && echo "Profile [${profile_name}] exists, exiting."
  test -d $CONFIG_DIR/$profile_name && exit 1
  mkdir -p $SECRETS_DIR/$profile_name
  mkdir -p $CONFIG_DIR/$profile_name
  cat <<__EOL__ > $CONFIG_DIR/$profile_name/config
KEEPASS_KEY=""
KEEPASS_FILE="$SECRETS_DIR/$profile_name/key-$profile_name.keyx"
KEEPASS_DB="$CONFIG_DIR/$profile_name/$profile_name.kdbx"
INTERACTIVE=false
__EOL__

source "$CONFIG_DIR/$profile_name/config"
keepassxc-cli db-create --set-key-file ${KEEPASS_FILE} ${KEEPASS_DB}
}

list_secrets(){
  profile=$1
  source "$CONFIG_DIR/$profile/config"

  echo "Secrets in profile: [${profile}]"
  echo "--------"
  keepassxc-cli ls --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB}
}

add_secret(){
  profile=$1
  entry=$2
  source "$CONFIG_DIR/$profile/config"

  #echo "Secret Name"
  #read entry

  echo "Username"
  read entry_user

  keepassxc-cli add --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} ${entry}  --password-prompt
}

delete_secret(){
  profile=$1
  entry=$2
  source "$CONFIG_DIR/$profile/config"

  keepassxc-cli rm --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry} 
}

update_secret(){
  profile=$1
  entry=$2
  source "$CONFIG_DIR/$profile/config"

  echo "Username"
  read entry_user

  keepassxc-cli edit --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} ${entry}  --password-prompt
}

add_random_secret(){
  profile=$1
  entry=$2
  source "$CONFIG_DIR/$profile/config"

  #echo "Secret Name"
  #read entry

  echo "Username"
  read entry_user

  keepassxc-cli add --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} --generate ${entry}
}

show_secret(){
  profile=$1
  entry=$2
  source "$CONFIG_DIR/$profile/config"

  keepassxc-cli show -s --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry}
}

clip_secret(){
  profile=$1
  entry=$2
  source "$CONFIG_DIR/$profile/config"
  keepassxc-cli clip --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry}
}


list_profiles(){
  echo "Profiles"
  echo "--------"
  for i in $(ls $CONFIG_DIR  | sed -e s/config//); do echo ${i}; done
}

usage(){
  program=$(basename $0)
echo " _   _            _        _ "
echo "| \ | |_   _  ___| | _____| |"
echo "|  \| | | | |/ __| |/ / _ \ |"
echo "| |\  | |_| | (__|   <  __/ |"
echo "|_| \_|\__, |\___|_|\_\___|_|"
echo "       |___/                 "
echo "                             "
  echo "${program} -C              : Create db "
  echo "${program} -L                       : List profiles"
  echo "${program}  -l             : List keys in db "
  echo "${program}  -W     : Write  into  db"
  echo "${program}  -D     : Delete  from  db"
  echo "${program}  -U     : Update  into  db"
  echo "${program}  -G     : Generate a random secret and write as  into  db"
  echo "${program}  -s     : Show  from  db"
  echo "${program}  -c     : Copy to clipboard  from  db"
}


dependencies_check

if [ "$#" -gt 3 ]; then
  usage
  exit
fi
if [ "$#" -eq 0 ]; then
  usage
  exit
fi

if [ "$#" -eq 1 ]; then
  if [ "$1" == "-L" ]; then
    list_profiles
    exit
  fi
  usage
fi

if [ "$#" -eq 2 ]; then
  profile=$1
  if [ "$1" == "-C" ]; then
    profile=$2
    create_profile "${profile}"
    exit
  fi
  if [ "$2" == "-l" ]; then
    list_secrets "${profile}"
    exit
  fi

  usage
fi

if [ "$#" -eq 3 ]; then
  profile_name=$1
  entryname=$3
  if [ "$2" == "-W" ]; then
    add_secret "${profile_name}" "${entryname}"
    exit
  fi

  if [ "$2" == "-D" ]; then
    delete_secret "${profile_name}" "${entryname}"
    exit
  fi

  if [ "$2" == "-U" ]; then
    update_secret "${profile_name}" "${entryname}"
    exit
  fi

  if [ "$2" == "-G" ]; then
    add_random_secret "${profile_name}" "${entryname}"
    exit
  fi

  if [ "$2" == "-s" ]; then
    show_secret "${profile_name}" "${entryname}"
    exit
  fi

    if [ "$2" == "-c" ]; then
      clip_secret "${profile_name}" "${entryname}"
      exit
    fi

  usage
fi