added secret management lib

lib/secret.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Secret management functions
+# This file is part of the init.sh project
+# Copyright (c) 2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Passbolt
+get_passbolt_secret() {
+    local name="$1" secret
+
+    if ! command -v passbolt >/dev/null 2>&1; then
+        prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
+        return 3
+    fi
+
+    # Exemple basé sur CLI Passbolt + jq
+    secret=$(passbolt secret list --json 2>/dev/null | jq -r --arg NAME "$name" \
+        '.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
+
+    if [[ -z "$secret" || "$secret" == "null" ]]; then
+        prnt E "Secret '$name' not found in Passbolt."
+        return 4
+    fi
+
+    printf '%s' "$secret"
+}
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# File
+get_file_secret() {
+    local path="$1" secret
+
+    if [[ -z "$path" ]]; then
+        prnt E "get_file_secret: missing path"
+        return 5
+    fi
+    if [[ ! -r "$path" ]]; then
+        prnt E "get_file_secret: '$path' not readable"
+        return 6
+    fi
+
+    secret=$(<"$path")
+    secret="${secret%$'\r'}"
+    secret="${secret%$'\n'}"
+    printf '%s' "$secret"
+}
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Environment variable
+get_var_secret() {
+    local var="$1" secret
+
+    if [[ -z "$var" ]]; then
+        prnt E "get_var_secret: missing variable name"
+        return 7
+    fi
+    if ! printenv "$var" >/dev/null 2>&1; then
+        prnt E "get_var_secret: variable '$var' not set"
+        return 8
+    fi
+
+    secret="$(printenv "$var")"
+    secret="${secret%$'\r'}"
+    secret="${secret%$'\n'}"
+    printf '%s' "$secret"
+}
+# ------------------------------------------------------------------------------
+
+# ------------------------------------------------------------------------------
+# Main dispatcher
+# Usage: fetch_secret "scheme:identifier"
+fetch_secret() {
+    local ref="$1"
+    local scheme identifier func
+
+    if [[ -z "$ref" ]]; then
+        prnt E "fetch_secret: no reference provided"
+        return 1
+    fi
+
+    # par défaut, si pas de scheme -> "file"
+    if [[ "$ref" != *:* ]]; then
+        scheme="file"
+        identifier="$ref"
+    else
+        scheme="${ref%%:*}"
+        identifier="${ref#*:}"
+    fi
+
+    func="get_${scheme}_secret"
+
+    if ! declare -f "$func" >/dev/null 2>&1; then
+        prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
+        return 2
+    fi
+
+    "$func" "$identifier"
+}
+export -f fetch_secret
+# ------------------------------------------------------------------------------
+
+
+# EOF