Allow piping secrets

README.md

@@ -19,7 +19,7 @@ This is for you if:
 Use the install script for an easy interactive installation:
 
 ```sh
-curl -fsSL https://raw.githubusercontent.com/loteoo/ks/main/install | bash
+bash -c "$(curl -fsSL https://raw.githubusercontent.com/loteoo/ks/main/install)"
 ```
 
 This script is safe to re-run multiple times if your installation becomes corrupted for some reason.
@@ -75,23 +75,22 @@ Commands:
  help Show this help text
 ```
 
-### Adding a secret
+### Add secrets
 
 ```sh
 ks add my-secret 'password123'
-```
-
-> Note that this will add it to your shell history.
-
-Add secret from clipboard:
+# Note that this will add it to your shell history.
 
-```sh
+# Add a secret from your clipboard:
 pbpaste | ks add my-secret
 # or
 ks add my-secret "$(pbpaste)"
+
+# Generate high-entropy secret:
+openssl rand -hex 24 | ks add my-secret
 ```
 
-### Revealing a secret
+### Retrieve secrets
 
 ```sh
 ks show my-secret
@@ -100,13 +99,13 @@ ks show my-secret
 ks show my-secret | pbcopy
 ```
 
-### Deleting a secret
+### Delete secrets
 
 ```sh
 ks rm my-secret
 ```
 
-### Listing secrets
+### List secrets
 
 ```sh
 ks ls

install

@@ -38,8 +38,8 @@ yn() {
 }
 
 echo "Select install location:
- 1) For $USER user only. Script will be placed under: $LOCAL_BIN_PATH.
- 2) For whole system. Script will be placed under: $SYSTEM_BIN_PATH. Requires sudo."
+ 1) Local: For $USER user only. Location: $LOCAL_BIN_PATH.
+ 2) System: For whole system. Location: $SYSTEM_BIN_PATH. Requires sudo."
 read -r -n 1 -p "Pick one: " num
 echo
 case "$num" in
@@ -90,16 +90,20 @@ else
  info "✓ Script is executable."
 fi
 
+if [[ "$REQUIRES_RESTART" == "true" ]]; then
+ echo "${bold}Done! 🎉${normal}"
+ echo "Please restart your terminal to make $SCRIPT_NAME available, then run \"$SCRIPT_NAME init\"."
+ info "Give $SCRIPT_NAME it a star on Github if you like it! 🙏"
+ exit
+fi
+
 if ! security show-keychain-info "$KEYCHAIN_FILE" > /dev/null 2>&1; then
  $SCRIPT_NAME init
 else
  info "✓ Keychain \"$KEYCHAIN\" exists."
 fi
 
-if [[ "$REQUIRES_RESTART" == "true" ]]; then
- info "⚠️ Restart your terminal to make $SCRIPT_NAME available."
-fi
-
 info "Give $SCRIPT_NAME it a star on Github if you like it! 🙏"
-success "${bold}Installation completed! 🎉${normal}"
+echo "${bold}Installation completed! 🎉${normal}"
+info "Running \"$SCRIPT_NAME help\"."
 eval "$SCRIPT_NAME help"

ks

@@ -1,47 +1,59 @@
 #!/usr/bin/env bash
 
 add() {
- key="${1:?'Please provide the name of the secret to add.'}"
- value="${2:?'Please provide the value to encrypt.'}"
+ if [[ -z ${1+x} ]]; then
+ throw "No key specified. Please provide the name of the secret to add."
+ fi
+ if [[ -n "${2+x}" ]]; then
+ value="$2"
+ elif [[ ! -t 0 ]]; then
+ value="$(cat)"
+ else
+ throw "No secret specified. Please provide the value to encrypt."
+ fi
  security add-generic-password \
  -a "$USER" \
  -D secret \
- -s "$key" \
+ -s "$1" \
  -w "$value" \
  "$KEYCHAIN_FILE" \
  2> /dev/null \
- || throw "Secret \"$key\" already exists."
- success "Secret \"$key\" added."
+ || throw "Secret \"$1\" already exists."
+ success "Secret \"$1\" added."
 }
 
 show() {
- key="${1:?'Please provide the name of the secret to show.'}"
+ if [[ -z ${1+x} ]]; then
+ throw "No key specified. Please provide the name of the secret to show."
+ fi
  security find-generic-password \
  -a "$USER" \
- -s "$key" \
+ -s "$1" \
  -w \
  "$KEYCHAIN_FILE" \
  2> /dev/null \
- || throw "Secret \"$key\" was not found in keychain."
+ || throw "Secret \"$1\" was not found in keychain."
 }
 
 rm() {
- key="${1:?'Please provide the name of the secret to remove.'}"
+ if [[ -z ${1+x} ]]; then
+ throw "No key specified. Please provide the name of the secret to remove."
+ fi
  security delete-generic-password \
  -a "$USER" \
- -s "$key" \
+ -s "$1" \
  "$KEYCHAIN_FILE" \
  > /dev/null 2>&1 \
- || throw "Secret \"$key\" was not found in keychain."
- success "Secret \"$key\" deleted."
+ || throw "Secret \"$1\" was not found in keychain."
+ success "Secret \"$1\" deleted."
 }
 
 ls() {
  security dump-keychain "$KEYCHAIN_FILE" \
  | grep 0x00000007 \
  | awk -F= '{print $2}' \
  | tr -d \" \
- || throw "Keychain is empty."
+ || throw "No secrets found. Keychain is empty."
 }
 
 init() {