ref: 396ef2f75d9197909926a91ba0e0aa7dc7e0aa56
./nyckel
#! /bin/bash
# Nyckel (nyckel) is Copyright (C) 2026 Paolo Lulli, Kevwe Technology AB
#
# This file is part of nyckel.
#
# nyckel is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# nyckel is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
SECRETS_DIR=$HOME/.config/nyckel-secrets
CONFIG_DIR=$HOME/.config/nyckel
GLOBAL_CONFIG=${CONFIG_DIR}/config
DEPENDENCIES="keepassxc-cli"
test -d $CONFIG_DIR || mkdir -p $CONFIG_DIR
dependencies_check()
{
for d in $DEPENDENCIES; do
CHK=$(which $d)
if [ "$CHK" = "" ]; then
echo "missing deps: [$d]";
exit 1
fi
done
}
create_profile(){
echo "SETUP PROFILE"
profile_name=$1
test -d $CONFIG_DIR/$profile_name && echo "Profile [${profile_name}] exists, exiting."
test -d $CONFIG_DIR/$profile_name && exit 1
mkdir -p $SECRETS_DIR/$profile_name
mkdir -p $CONFIG_DIR/$profile_name
cat <<__EOL__ > $CONFIG_DIR/$profile_name/config
KEEPASS_KEY=""
KEEPASS_FILE="$SECRETS_DIR/$profile_name/key-$profile_name.keyx"
KEEPASS_DB="$CONFIG_DIR/$profile_name/$profile_name.kdbx"
INTERACTIVE=false
__EOL__
source "$CONFIG_DIR/$profile_name/config"
keepassxc-cli db-create --set-key-file ${KEEPASS_FILE} ${KEEPASS_DB}
}
list_secrets(){
profile=$1
source "$CONFIG_DIR/$profile/config"
echo "Secrets in profile: [${profile}]"
echo "--------"
keepassxc-cli ls --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB}
}
add_secret(){
profile=$1
entry=$2
source "$CONFIG_DIR/$profile/config"
#echo "Secret Name"
#read entry
echo "Username"
read entry_user
keepassxc-cli add --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} ${entry} --password-prompt
}
update_secret(){
profile=$1
entry=$2
source "$CONFIG_DIR/$profile/config"
echo "Username"
read entry_user
keepassxc-cli edit --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} ${entry} --password-prompt
}
add_random_secret(){
profile=$1
entry=$2
source "$CONFIG_DIR/$profile/config"
#echo "Secret Name"
#read entry
echo "Username"
read entry_user
keepassxc-cli add --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} -u ${entry_user} --generate ${entry}
}
show_secret(){
profile=$1
entry=$2
source "$CONFIG_DIR/$profile/config"
keepassxc-cli show -s --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry}
}
clip_secret(){
profile=$1
entry=$2
source "$CONFIG_DIR/$profile/config"
keepassxc-cli clip --key-file ${KEEPASS_FILE} --no-password ${KEEPASS_DB} ${entry}
}
list_profiles(){
echo "Profiles"
echo "--------"
for i in $(ls $CONFIG_DIR | sed -e s/config//); do echo ${i}; done
}
usage(){
program=$(basename $0)
echo "${program} -C : Create db "
echo "${program} -L : List profiles"
echo "${program} -l : List keys in db "
echo "${program} -W : Write into db"
echo "${program} -U : Update into db"
echo "${program} -G : Generate a random secret and write as into db"
echo "${program} -s : Show from db"
echo "${program} -c : Copy to clipboard from db"
}
dependencies_check
if [ "$#" -gt 3 ]; then
usage
exit
fi
if [ "$#" -eq 0 ]; then
usage
exit
fi
if [ "$#" -eq 1 ]; then
if [ "$1" == "-L" ]; then
list_profiles
exit
fi
usage
fi
if [ "$#" -eq 2 ]; then
profile=$1
if [ "$1" == "-C" ]; then
profile=$2
create_profile "${profile}"
exit
fi
if [ "$2" == "-l" ]; then
list_secrets "${profile}"
exit
fi
usage
fi
if [ "$#" -eq 3 ]; then
profile_name=$1
entryname=$3
if [ "$2" == "-W" ]; then
add_secret "${profile_name}" "${entryname}"
exit
fi
if [ "$2" == "-U" ]; then
update_secret "${profile_name}" "${entryname}"
exit
fi
if [ "$2" == "-G" ]; then
add_random_secret "${profile_name}" "${entryname}"
exit
fi
if [ "$2" == "-s" ]; then
show_secret "${profile_name}" "${entryname}"
exit
fi
if [ "$2" == "-c" ]; then
clip_secret "${profile_name}" "${entryname}"
exit
fi
usage
fi