40 lines
878 B
Bash
Executable File
40 lines
878 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
|
|
VAULT_PASS_FILE="${VAULT_PASS_FILE:-$HOME/.config/continuous-ai-workflow-spec/vault-pass.txt}"
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
用法: $(basename "$0") <key>
|
|
|
|
範例:
|
|
$(basename "$0") gitea.api_token
|
|
$(basename "$0") openclaw_alice.http_nodes.gitea.password
|
|
|
|
讀取 vault 中的單一 key。
|
|
EOF
|
|
}
|
|
|
|
KEY="${1:-}"
|
|
[ -n "$KEY" ] || { usage; exit 1; }
|
|
|
|
TMP_DEC=$(mktemp)
|
|
chmod 600 "$TMP_DEC"
|
|
ansible-vault decrypt "$VAULT_FILE" --vault-password-file "$VAULT_PASS_FILE" --output "$TMP_DEC" 2>/dev/null
|
|
|
|
python3 - <<PY
|
|
import yaml
|
|
from pathlib import Path
|
|
|
|
data = yaml.safe_load(Path('$TMP_DEC').read_text())
|
|
parts = '$KEY'.split('.')
|
|
val = data
|
|
for p in parts:
|
|
val = val.get(p, '')
|
|
print(val if val else '')
|
|
PY
|
|
|
|
rm -f "$TMP_DEC"
|