Migrate secrets management from Keeper to Bitwarden CLI

vitorpy.com / dotfiles

fork atom

vitorpy's Dotfiles

fork atom

vitorpy 5 months ago 00d97968 309854d7

+17 -44

2 changed files

expand all

private_dot_config

fish

fish_variables

secrets.fish

+1 -1

private_dot_config/fish/fish_variables

··· 36 36 SETUVAR fish_pager_color_prefix:normal\x1e\x2d\x2dbold\x1e\x2d\x2dunderline 37 37 SETUVAR fish_pager_color_progress:brwhite\x1e\x2d\x2dbackground\x3dcyan 38 38 SETUVAR fish_pager_color_selected_background:\x2dr 39 - SETUVAR fish_user_paths:/home/vitorpy/\x2eopencode/bin\x1e/home/vitorpy/\x2elocal/bin\x1e/home/vitorpy/\x2ejuliaup/bin\x1e/home/vitorpy/\x2epyenv/bin\x1e/home/vitorpy/\x2eavm/bin\x1e/home/vitorpy/\x2elocal/share/solana/install/active_release/bin\x1e/home/vitorpy/\x2ecargo/bin\x1e/home/vpb/\x2elocal/bin\x1e/home/vpb/\x2ervm/bin\x1e/home/vpb/\x2epyenv/bin\x1e/home/vpb/\x2efoundry/bin\x1e/home/vpb/\x2ecargo/bin\x1e/home/vpb/\x2elocal/share/solana/install/active_release/bin\x1e/home/vpb/\x2econfig/\x2efoundry/bin 39 + SETUVAR fish_user_paths:/home/vitorpy/go/bin\x1e/home/vitorpy/\x2eopencode/bin\x1e/home/vitorpy/\x2elocal/bin\x1e/home/vitorpy/\x2ejuliaup/bin\x1e/home/vitorpy/\x2epyenv/bin\x1e/home/vitorpy/\x2eavm/bin\x1e/home/vitorpy/\x2elocal/share/solana/install/active_release/bin\x1e/home/vitorpy/\x2ecargo/bin\x1e/home/vpb/\x2elocal/bin\x1e/home/vpb/\x2ervm/bin\x1e/home/vpb/\x2epyenv/bin\x1e/home/vpb/\x2efoundry/bin\x1e/home/vpb/\x2ecargo/bin\x1e/home/vpb/\x2elocal/share/solana/install/active_release/bin\x1e/home/vpb/\x2econfig/\x2efoundry/bin

+16 -43

private_dot_config/fish/secrets.fish

··· 1 1 # Fish Shell Secrets Configuration 2 - # This file sources secrets from Keeper Commander if available 3 - 4 - # Check if Keeper Commander is available and configured 5 - if command -v keeper &> /dev/null 6 - # Set keeper config path 7 - set -l keeper_config "$HOME/.keeper/config.json" 2 + # This file sources secrets from Bitwarden CLI if available 8 3 9 - # Check if config exists and we can access Keeper 10 - if test -f "$keeper_config" 11 - 12 - # Helper function to get secret from Keeper 13 - function get_keeper_secret 14 - set -l record_uid $argv[1] 15 - set -l field $argv[2] 16 - set -l keeper_config "$HOME/.keeper/config.json" 4 + # Check if Bitwarden CLI is available and we have a session 5 + if command -v bw &> /dev/null 6 + # Check if BW_SESSION is set 7 + if test -n "$BW_SESSION" 8 + # Helper function to get secret from Bitwarden 9 + function get_bitwarden_secret 10 + set -l item_name $argv[1] 17 11 18 - # Get the secret and suppress errors 19 - keeper --config "$keeper_config" get "$record_uid" --format=json 2>/dev/null | python3 -c " 20 - import sys, json 21 - try: 22 - data = json.load(sys.stdin) 23 - if '$field' == 'password': 24 - print(data.get('password', ''), end='') 25 - elif '$field' == 'login': 26 - print(data.get('login', ''), end='') 27 - else: 28 - # Look in custom fields 29 - for field in data.get('custom', []): 30 - if field.get('name') == '$field': 31 - print(field.get('value', ''), end='') 32 - break 33 - except: 34 - pass 35 - " 12 + # Get the secret password field and suppress errors 13 + bw get password "$item_name" --session "$BW_SESSION" 2>/dev/null 36 14 end 37 15 38 16 # Set ANTHROPIC_API_KEY 39 - set -l anthropic_key (get_keeper_secret "r_HJvm0objPd0IVpJS6sHw" "password") 17 + set -l anthropic_key (get_bitwarden_secret "Anthropic API Key") 40 18 if test -n "$anthropic_key" 41 19 set -gx ANTHROPIC_API_KEY "$anthropic_key" 42 20 end 43 21 44 22 # Set NPM_TOKEN for npmrc 45 - set -l npm_token (get_keeper_secret "UXmsbgffjKU-e3BnTZ1MpA" "password") 23 + set -l npm_token (get_bitwarden_secret "NPM Registry Token") 46 24 if test -n "$npm_token" 47 25 set -gx NPM_TOKEN "$npm_token" 48 26 end 49 27 50 28 else 51 - # Keeper config not found 52 - echo "Keeper config not found at ~/.keeper/config.json. Run: keeper --config ~/.keeper/config.json login" >&2 29 + # BW_SESSION not set 30 + echo "BW_SESSION not set. Run: export BW_SESSION=\$(bw unlock --raw)" >&2 53 31 end 54 32 else 55 - # Keeper not installed - use fallback or prompt 56 - echo "Keeper Commander not installed. Run: ~/.local/share/chezmoi/scripts/setup-keeper-secrets.sh" >&2 57 - end 58 - 59 - # Fallback: source local secrets file if it exists (for non-Keeper setup) 60 - if test -f ~/.config/fish/secrets.local.fish 61 - source ~/.config/fish/secrets.local.fish 33 + # Bitwarden CLI not installed 34 + echo "Bitwarden CLI not installed. Run: brew install bitwarden-cli" >&2 62 35 end