git-credential-vault-secrets

#!/bin/bash
set -eu
# set -o xtrace

basedir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
. "$basedir/lib/shared.bash"

# The function creates global variables with the parsed results.
# It returns 0 if parsing was successful or non-zero otherwise.
#
# [schema://][user[:password]@]host[:port][/path][?[arg1=val1]...][#fragment]
#
# from http://vpalos.com/537/uri-parsing-using-bash-built-in-features/
parse_url() {
  local uri="$*"

  # safe escaping
  uri="${uri//\`/%60}"
  uri="${uri//\"/%22}"

  # top level parsing
  pattern='^(([a-z]{3,5})://)?((([^:\/]+)(:([^@\/]*))?@)?([^:\/?]+)(:([0-9]+))?)(\/[^?]*)?(\?[^#]*)?(#.*)?$'
  [[ "$uri" =~ $pattern ]] || return 1;

  # component extraction
  uri=${BASH_REMATCH[0]}
  export uri_schema=${BASH_REMATCH[2]}
  export uri_address=${BASH_REMATCH[3]}
  export uri_user=${BASH_REMATCH[5]}
  export uri_password=${BASH_REMATCH[7]}
  export uri_host=${BASH_REMATCH[8]}
  export uri_port=${BASH_REMATCH[9]}
  export uri_path=${BASH_REMATCH[11]}
  export uri_query=${BASH_REMATCH[12]}
  export uri_fragment=${BASH_REMATCH[13]}

  # path parsing
  count=0
  path="$uri_path"
  pattern='^/+([^/]+)'
  while [[ $path =~ $pattern ]]; do
    eval "uri_parts[$count]=\"${BASH_REMATCH[1]}\""
    path="${path:${#BASH_REMATCH[0]}}"
    ((count++))
  done

  # query parsing
  count=0
  query="$uri_query"
  pattern='^[?&]+([^= ]+)(=([^&]*))?'
  while [[ "$query" =~ $pattern ]]; do
    eval "uri_args[$count]=\"${BASH_REMATCH[1]}\""
    eval "uri_arg_${BASH_REMATCH[1]}=\"${BASH_REMATCH[3]}\""
    query="${query:${#BASH_REMATCH[0]}}"
    ((count++))
  done

  # query was parsed correctly
  return 0
}

vault_svr="$1"
key="$2"
action="${3:-get}"

# we only support get and we don't parse the stdin params
if [ "$action" == "get" ] ; then

  # read git-credentials, which is a list of uris
  secret_download "$vault_svr" "$key" | while read -r uri ; do
    if ! parse_url "$uri" ; then
      echo "Failed to parse uri $uri" >&2
      exit 1
    fi

    # https://git-scm.com/docs/git-credential#IOFMT
    echo "protocol=${uri_schema}"
    echo "host=${uri_host}${uri_port}"
    echo "username=${uri_user}"
    echo "password=${uri_password}"
  done
fi