edosrecki/Viscosity-1Password.md

## Viscosity-1Password.md

      
    Raw
  

              Viscosity-1Password.md
            
          
    Viscosity & 1Password Integration

This gist provides instructions to integrate Viscosity OpenVPN Client
with 1Password password manager. It automatically fetches credentials (username
and one-time password) from 1Password application and provides them to Viscosity so that you can connect to a
VPN server without having to manually input your credentials every time. 1Password will ask you to authenticate
with biometrics if necessary.
Steps


Configure 1Password item for VPN credentials. Note vault name, item name, username label and one-time password label.
These need to be provided to viscosity-credentials.sh script via options (check help message).


Install 1Password CLI.
Add viscosity-credentials.sh to your PATH.
Create AppleScript with folllowing contents:

set credentials to do shell script "viscosity-credentials.sh -v <VAULT> -i <ITEM>"
return credentials


Edit your Viscosity connection:

Select your AppleScript in Advanced -> Before Connect Script


Connecting

Use your biometrics to connect to a VPN server.


## viscosity-credentials.sh
#!/usr/bin/env bash

function usage() {
    CODE=0
    if [ -n "$1" ]; then
        CODE=1

        echo -e -n "\x1B[1;31mError:\x1B[0m "
        echo -e "$1\n"
    fi

    echo "Usage:"
    echo "  $0 --vault <vault> --item <item> [-u <username-label>] [-o <otp-label>]"
    echo
    echo "Description:"
    echo "  Returns username and one-time password (OTP) from a 1Password item."
    echo "  Requires the 1Password CLI to be installed."
    echo
    echo "Options:"
    echo "  -v, --vault             1Password vault"
    echo "  -i, --item              1Password item"
    echo "  -u, --username-label    1Password item username label (default: username)"
    echo "  -o, --otp-label         1Password item OTP label (default: otp)"
    echo "  -h, --help              Show this help message"
    echo
    echo "Examples:"
    echo "  Get credentials from a vault 'Work' and an item 'OpenVPN'."
    echo
    echo "    $0 --vault Work --item OpenVPN"
    echo
    echo "  Get credentials from a vault 'Personal' and an item 'VPN' with an OTP label"
    echo "  'one-time password'."
    echo
    echo "    $0 -v Work -i VPN -o 'one-time password'"
    echo

    exit "$CODE"
}

if ! [ -x "$(command -v op)" ]; then
    usage '1Password CLI is not installed.'
fi

# Parse options
while [[ $# -gt 0 ]]; do
    case $1 in
    -v | --vault)
        VAULT=$2
        shift
        shift
        ;;
    -i | --item)
        ITEM=$2
        shift
        shift
        ;;
    -u | --user-label)
        USER_LABEL=$2
        shift
        shift
        ;;
    -o | --otp-label)
        OTP_LABEL=$2
        shift
        shift
        ;;
    -h | --help)
        usage
        ;;
    *)
        usage "Unknown option: '$1'."
        ;;
    esac
done

if [ -z "$VAULT" ]; then usage "Option '--vault' must be set."; fi
if [ -z "$ITEM" ]; then usage "Option '--item' must be set."; fi

USER_LABEL=${USER_LABEL:-username}
OTP_LABEL=${OTP_LABEL:-otp}

op signin

USERNAME=$(op read "op://${VAULT}/${ITEM}/${USER_LABEL}?attribute=value")
OTP=$(op read "op://${VAULT}/${ITEM}/${OTP_LABEL}?attribute=otp")

echo "userpass $USERNAME $OTP"
	#!/usr/bin/env bash

	function usage() {
	CODE=0
	if [ -n "$1" ]; then
	CODE=1

	echo -e -n "\x1B[1;31mError:\x1B[0m "
	echo -e "$1\n"
	fi

	echo "Usage:"
	echo " $0 --vault <vault> --item <item> [-u <username-label>] [-o <otp-label>]"
	echo
	echo "Description:"
	echo " Returns username and one-time password (OTP) from a 1Password item."
	echo " Requires the 1Password CLI to be installed."
	echo
	echo "Options:"
	echo " -v, --vault 1Password vault"
	echo " -i, --item 1Password item"
	echo " -u, --username-label 1Password item username label (default: username)"
	echo " -o, --otp-label 1Password item OTP label (default: otp)"
	echo " -h, --help Show this help message"
	echo
	echo "Examples:"
	echo " Get credentials from a vault 'Work' and an item 'OpenVPN'."
	echo
	echo " $0 --vault Work --item OpenVPN"
	echo
	echo " Get credentials from a vault 'Personal' and an item 'VPN' with an OTP label"
	echo " 'one-time password'."
	echo
	echo " $0 -v Work -i VPN -o 'one-time password'"
	echo

	exit "$CODE"
	}

	if ! [ -x "$(command -v op)" ]; then
	usage '1Password CLI is not installed.'
	fi

	# Parse options
	while [[ $# -gt 0 ]]; do
	case $1 in
	-v \| --vault)
	VAULT=$2
	shift
	shift
	;;
	-i \| --item)
	ITEM=$2
	shift
	shift
	;;
	-u \| --user-label)
	USER_LABEL=$2
	shift
	shift
	;;
	-o \| --otp-label)
	OTP_LABEL=$2
	shift
	shift
	;;
	-h \| --help)
	usage
	;;
	*)
	usage "Unknown option: '$1'."
	;;
	esac
	done

	if [ -z "$VAULT" ]; then usage "Option '--vault' must be set."; fi
	if [ -z "$ITEM" ]; then usage "Option '--item' must be set."; fi

	USER_LABEL=${USER_LABEL:-username}
	OTP_LABEL=${OTP_LABEL:-otp}

	op signin

	USERNAME=$(op read "op://${VAULT}/${ITEM}/${USER_LABEL}?attribute=value")
	OTP=$(op read "op://${VAULT}/${ITEM}/${OTP_LABEL}?attribute=otp")

	echo "userpass $USERNAME $OTP"