| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- import logging
- import os
- import shlex
- import borgmatic.execute
- logger = logging.getLogger(__name__)
- def load_credential(hook_config, config, credential_parameters):
- '''
- Given the hook configuration dict, the configuration dict, and a credential parameters tuple
- containing a KeePassXC database path and an attribute name to load, run keepassxc-cli to fetch
- the corresponding KeePassXC credential and return it.
- Raise ValueError if keepassxc-cli can't retrieve the credential.
- '''
- try:
- database_path, attribute_name = credential_parameters[:2]
- except ValueError:
- raise ValueError( f'Invalid KeePassXC credential parameters: {credential_parameters}')
- expanded_database_path = os.path.expanduser(database_path)
- if not os.path.exists(expanded_database_path):
- raise ValueError( f'KeePassXC database path does not exist: {database_path}')
-
- # Retrieve key file and Yubikey options from config
- key_file = hook_config.get('key_file')
- yubikey = hook_config.get('yubikey')
-
- # Build the keepassxc-cli command
- command = (
- tuple(shlex.split((hook_config or {}).get('keepassxc_cli_command', 'keepassxc-cli')))
- + (
- 'show',
- '--show-protected',
- '--attributes',
- 'Password',
- expanded_database_path,
- attribute_name,
- )
- )
-
- if key_file:
- command += ('--key-file', key_file)
-
- if yubikey:
- command += ('--yubikey', yubikey)
- try:
- return borgmatic.execute.execute_command_and_capture_output(command).rstrip(os.linesep)
- except Exception as e:
- raise ValueError(f'Failed to retrieve credential: {e}')
|
