Last active
May 6, 2020 12:13
CLI tool that lets you log in and retrieve temporary AWS credentials using clisso and 1Password
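#!/bin/bash
#
# Logs in through clisso and retrieves temporary AWS credentials for one or
# more clisso apps, taking the OneLogin password and one-time password from
# 1Password via the `op` CLI.

# Name of this script as printed in the usage text. The `--` stops basename
# from reading a $0 that begins with "-" (for example "-bash") as an option.
SCRIPT=$(basename -- "$0")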
#######################################
# Prints a message on stderr and terminates the script with status 1.
# Arguments: $1 - message text; backslash escapes are interpreted (echo -e)
# Outputs:   the message on stderr
# Returns:   never returns; exits 1
#######################################
exitWithError() {
  local message="$1"
  echo -e "${message}" >&2
  exit 1
}
#######################################
# Prints the help text on stdout and terminates the script with status 0.
# Globals:   SCRIPT (read) - script name shown in the usage and example lines
# Outputs:   the help text on stdout
# Returns:   never returns; exits 0
#######################################
usage() {
  local -a help_lines=(
    "Usage:"
    "${SCRIPT} [options] appName1 appName2"
    "Options:"
    "-d | --opDomain Sets the name of the 1Password domain (Required)."
    "-s | --opSessionKey Sets the 1Password session key. If not passed, op will ask for the password"
    "ex: ${SCRIPT} -d myDomain --opSessionKey XLC6cHkeSHByBqrikXt36fdMVLLdHuoACNFUrNMuRXQ appName"
    "-i | --opItem Sets the id of the 1Password item that holds the OneLogin password and OTP (defaults to OneLogin)"
    "ex: ${SCRIPT} -d myDomain --opItem SomeItemId appName"
    "-h | --help Show this help message."
  )
  printf '%s\n' "${help_lines[@]}"
  exit 0
}
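# Names of the clisso apps to fetch credentials for, in command-line order.
APPS=()

#######################################
# Parses the command line.
# Globals:   OP_SESSION_KEY, OP_ITEM, OP_DOMAIN (written), APPS (appended)
# Arguments: the script's command-line arguments
# Returns:   0 when everything was consumed; unknown options and -h go
#            through usage, a missing option value through exitWithError
#
# NOTE: a session key given with -s is part of the command line, so it can
# show up in the process list and in shell history. Leaving -s out makes the
# script obtain the key from `op signin` instead.
#######################################
parseArgs() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      -s | --opSessionKey)
        # `shift 2` with a single argument left fails without shifting, which
        # would keep this loop spinning forever; reject a missing value first.
        [[ $# -ge 2 ]] || exitWithError "Error: option \`$1\` requires a value"
        OP_SESSION_KEY="$2"
        shift 2
        ;;
      -i | --opItem)
        [[ $# -ge 2 ]] || exitWithError "Error: option \`$1\` requires a value"
        OP_ITEM="$2"
        shift 2
        ;;
      -d | --opDomain)
        [[ $# -ge 2 ]] || exitWithError "Error: option \`$1\` requires a value"
        OP_DOMAIN="$2"
        shift 2
        ;;
      -h | --help)
        usage
        ;;
      -*)
        usage
        ;;
      *)
        # Quoted so an app name with spaces or glob characters stays one entry.
        APPS+=("$1")
        shift
        ;;
    esac
  done
}

parseArgs "$@"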
# At least one app name and the 1Password domain are mandatory; usage exits.
if (( ${#APPS[@]} == 0 )) || [[ -z "${OP_DOMAIN}" ]]; then
  usage
fi

# Every external program the script drives must be on PATH before any
# credential is requested.
for required_tool in op clisso jq; do
  if ! command -v "${required_tool}" > /dev/null; then
    exitWithError "Error: \`${required_tool}\` program not found"
  fi
done
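# Without a session key from the command line, let op sign in and print the
# raw session token; a failed sign-in ends the script with op's exit status.
if [[ -z "${OP_SESSION_KEY}" ]]; then
  OP_SESSION_KEY=$(op signin --output=raw) || exit $?
fi

# The domain becomes part of an environment variable name, so only characters
# that are legal in a shell identifier are accepted.
if [[ ! "${OP_DOMAIN}" =~ ^[A-Za-z0-9_]+$ ]]; then
  exitWithError "Error: the 1Password domain may only contain letters, digits and underscores"
fi

# export takes NAME=VALUE as one quoted word, so neither the domain nor the
# session key is ever re-parsed as shell code (no eval on command-line input).
export "OP_SESSION_${OP_DOMAIN}=${OP_SESSION_KEY}"

# Item that holds the OneLogin password and one-time password.
OP_ITEM=${OP_ITEM:-OneLogin}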
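printf "Getting the OneLogin password...\n"

# Read the field designated "password" from the item. The item name is quoted
# so a name containing spaces or glob characters reaches op as one argument.
ONE_LOGIN_PASS=$(
  op get item "${OP_ITEM}" \
    | jq -r '.details.fields[] | select(.designation=="password").value'
)

# An empty result covers both a failed lookup and an item without a password
# field; exitWithError ends the script, so nothing may follow it here.
if [[ -z "${ONE_LOGIN_PASS}" ]]; then
  exitWithError "Could not retrieve OneLogin password. Please make sure that you have an item called exactly \`$OP_ITEM\` in your 1Password account."
fi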
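# Fetch credentials for each app in turn, with a fresh one-time password per app.
for (( i = 0; i < ${#APPS[@]}; i += 1 )); do
  printf "\nGetting a new one-time password...\n"
  OTP=$(op get totp "${OP_ITEM}")

  # The app name is passed as data, never as part of the printf format string.
  printf 'Getting credentials for %s...\n' "${APPS[i]}"

  # Password and OTP go to clisso on stdin, one per line. Both are quoted: an
  # unquoted password containing spaces or glob characters would be split into
  # several words and sent as extra lines. printf is a shell builtin, so the
  # secrets do not appear in another process's argument list.
  printf '%s\n%s\n' "${ONE_LOGIN_PASS}" "${OTP}" | clisso get "${APPS[i]}" > /dev/null

  # Arithmetic comparison: `<` inside [[ ]] compares strings, which gives the
  # wrong answer once the indexes have different numbers of digits.
  if (( i < ${#APPS[@]} - 1 )); then
    # NOTE(review): presumably waits so the next one-time password differs
    # from the one just used; confirm against the OTP period in use.
    printf "Waiting 30 sec before asking for a new one-time password...\n"
    sleep 30
  fi
done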
# End the 1Password session, then report completion.
printf '%s\n' '' 'Signing out of op...'
op signout
printf '%s\n' 'Done!'