Add vault git credential helper and consult it always

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2023-08-25 17:44:14 +02:00
parent 31dc52106d
commit 9d1896bb23
Signed by: luzifer
GPG key ID: D91C3E91E4CAD6F5
2 changed files with 31 additions and 0 deletions


@ -27,6 +27,9 @@ pager = less -F -X
repositoryformatversion = 0 repositoryformatversion = 0
warnAmbiguousRefs = false warnAmbiguousRefs = false
[credential]
helper = vault
[diff] [diff]
renames = true renames = true

28
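--- a/bin/git-credential-vault
+++ b/bin/git-credential-vault
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+source "${HOME}/bin/script_framework.sh"
+function handle_get() {
+while read line; do
+local param=$(cut -d '=' -f 1 <<<"${line}")
+local value=$(cut -d '=' -f 2- <<<"${line}")
+[[ $param == host ]] || continue
+vault read -format=json secret/git-credential/${value} 2>/dev/null | jq -r '.data | to_entries[] | [.key, .value] | join("=")' || return 1
+info "[git-credential-vault] Read credential for '${value}' from Vault"
+done
+}
+function main() {
+local action="${1:-_invalid}"
+shift
+case ${action} in
+get) handle_get ;;
+*) return 1 ;;
+esac
+}
+main "$@"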
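Review bot: In `handle_get` the `host` value from git's credential request is interpolated unquoted into the Vault path (`secret/git-credential/${value}`) with no shape check, and the `protocol` field is ignored, so the same secret is returned for a plain `http://` request to that host as for `https://`. Because the host comes from the remote URL (which may come from a submodule definition or a pasted clone command), quote the path, accept only `host[:port]`-shaped values, and answer only for the protocols you intend; the pattern below is a starting point to adjust. Passing every key of the secret through `to_entries[]` also lets a stray field such as `host` reach git, so emitting only `username` and `password` is safer. Smaller points on the same lines are `read` without `-r` and `local x=$(…)` hiding the exit status of `cut`. `info` is defined in `script_framework.sh`, which is not visible here; it must not write to stdout, since git parses stdout as the helper's answer.

```shell
function handle_get() {
  local line param value host="" protocol=""
  while IFS= read -r line; do
    param="${line%%=*}"
    value="${line#*=}"
    case "${param}" in
      host) host="${value}" ;;
      protocol) protocol="${value}" ;;
    esac
  done

  # Refuse cleartext protocols and anything that is not host[:port]
  [[ ${protocol} == https ]] || return 1
  [[ ${host} =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]] || return 1

  vault read -format=json "secret/git-credential/${host}" 2>/dev/null |
    jq -r '.data | to_entries[]
      | select(.key == "username" or .key == "password")
      | "\(.key)=\(.value)"' || return 1
  info "[git-credential-vault] Read credential for '${host}' from Vault"
}
```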