# netosecret.sh - bash script CLI

{% stepper %}
{% step %}

### CLI usage

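Displays the command-line options for the script. Values given with `--appkey` or `--sharedsecret` appear in the process list and in the calling shell's history, so the interactive prompts or `--env`/`--envfile` are the safer way to supply them.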

```bash
#!/bin/bash

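# Secret-handling hygiene for this process.
# NOTE: HISTIGNORE set here applies only to this shell and what it spawns.
# A non-interactive script records no history, and the invoking shell's
# history is untouched, so secrets passed with --appkey or --sharedsecret
# still land in the caller's history and in the process list.
export HISTIGNORE='*echo*:*base64*'

# The env file this script writes carries the shared secret and app key
# (base64 is reversible), so every file it creates is made owner-only.
# umask does not tighten a file that already exists with wider permissions.
umask 077

# Default values
url="https://api.netography.com/api/v1"
output_file="netosecret.env"
envname="NETOSECRET"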

# Help function
print_usage() {
    echo "Usage: $0 [shortname] [appname] [OPTIONS]
Options:
  [shortname]                 Set the shortname
  [appname]                   Set the appname
  --env                       Read all variables from environment
  --envfile <filename>        Read environment variables from the file
  --url <value>               Set a custom API URL
  --appkey <value>            Set the appkey (prompt if not provided)
  --sharedsecret <value>      Set the sharedsecret (prompt if not provided)
  --save <path>               Save to env file (default netosecret.env)
  --envname <name>            Variable name to write to in envfile (default NETOSECRET)
  --print                     Print the encoded netosecret
  --decode                    Decode NETOSECRET and print the JSON (contains secrets)
  -h, --help                  Display this help message

netosecret is a tool to generate a single base64 encoded string containing all 
5 components needed to authenticate to the Netography API (url, shortname, 
appname, sharedsecret, appkey).  The 5 components are stored as key/values in 
a JSON object for encoding/decoding.  

If used with the --env or --envfile option, the script will read from environment
in this order:
  URL: NETO__API__URL, NETO_URL, NETO__URL
  APPNAME: NETO__API__APP_NAME, NETO_APP_NAME, NETO_APPNAME
  SHORTNAME: NETO__API__SHORTNAME, NETO_SHORTNAME, NETO__SHORTNAME
  SHAREDSECRET: NETO__API__CREDENTIALS__SHARED_SECRET, NETO_SHAREDSECRET, NETO__SHAREDSECRET, NETO_SHARED_SECRET
  APPKEY: NETO__API__CREDENTIALS__APP_KEY, NETO__APPKEY, NETO__APP_KEY, NETO_APPKEY
```

{% endstep %}

{% step %}

### netosecret JSON object format

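Shows the JSON layout of a decoded netosecret. The listing below is the tail of the `print_usage` help text, which is why it ends with the closing quote and brace of that function.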

{% code lineNumbers="true" %}

```bash
netosecret JSON object format:
{
  \"url\": \"<url>\", \"shortname\": \"<shortname>\", \"appname\": \"<appname>\",
  \"sharedsecret\": \"<sharedsecret>\", \"appkey\": \"<appkey>\"
}"

}
```

{% endcode %}
{% endstep %}

{% step %}

### read from environment variables

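Reads values from the environment when `--env` or `--envfile` is given. Each setting has a list of fallback variable names; the first one that is set and non-empty is used, and secret values are masked in the log line written to stderr.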

```bash
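#######################################
# Print the value of the first environment variable in a fallback list
# that is set and non-empty.
# Arguments:
#   $1    - "true" if the value is a secret; the stderr log line then shows
#           "******" instead of the value
#   $2... - environment variable names, tried in order
# Outputs:
#   stdout: the value found (nothing if no name yields a value)
#   stderr: "Read from env NAME=VALUE" naming the variable that was used
# Returns:
#   0 in every case; callers detect "not found" by the empty output
#######################################
get_env_value() {
    local is_secret="$1"
    shift
    local key value shown
    for key in "$@"; do
        # Assign separately from `local` so printenv's status is visible;
        # an unset name simply moves on to the next fallback.
        value=$(printenv "$key") || continue
        [ -n "$value" ] || continue

        # printf, not echo: echo would swallow a value such as "-n" or "-e".
        printf '%s\n' "$value"

        # Secret material never goes to the log stream.
        shown=$value
        if [ "$is_secret" = true ]; then
            shown="******"
        fi
        printf 'Read from env %s=%s\n' "$key" "$shown" >&2
        return 0
    done
    return 0
}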
```

{% endstep %}

{% step %}

### decode netosecret

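Parses the command line, optionally loads an env file and, when `--decode` is given, decodes the netosecret from its base64 string into the JSON string. The decoded JSON contains the shared secret and app key in clear text, so its output should not go to a logged or shared terminal.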

<pre class="language-bash"><code class="lang-bash"># Parse positional arguments
if [[ "$#" -gt 0 &#x26;&#x26; "$1" != "-"* ]]; then
    shortname="$1"
    shift
fi

if [[ "$#" -gt 0 &#x26;&#x26; "$1" != "-"* ]]; then
    appname="$1"
    shift
fi

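# Parse command-line options.
# Options that take a value consume two words; plain switches consume one.
while [[ "$#" -gt 0 ]]; do
    case "$1" in
        --url|--appkey|--sharedsecret|--save|--envfile|--envname)
            # A value-taking option given as the last word has nothing to
            # read; fail loudly instead of storing an empty value.
            if [[ "$#" -lt 2 ]]; then
                echo "Error: option $1 requires a value." >&2
                print_usage
                exit 1
            fi
            case "$1" in
                --url) url="$2" ;;
                --appkey) appkey="$2" ;;
                --sharedsecret) sharedsecret="$2" ;;
                --save) output_file="$2" ;;
                --envfile) envfile="$2" ;;
                --envname) envname="$2" ;;
            esac
            shift
            ;;
        --env) use_env=true ;;
        --print) print_output=true ;;
        # --decode is a switch: it must not consume the word after it, or
        # the option that follows (e.g. --envname) would be lost.
        --decode) decode_secret=true ;;
        -h|--help) print_usage; exit 0 ;;
        *) echo "Unknown parameter passed: $1" >&2; print_usage; exit 1 ;;
    esac
    shift
done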

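#######################################
# Export KEY=VALUE pairs from an env file into the environment.
# Lines are taken as data, never evaluated: blank lines and comments are
# skipped, an optional leading "export " is accepted, and one pair of
# matching surrounding quotes is removed from the value. Values are not
# word-split or glob-expanded, and an empty file exports nothing (a bare
# `export` would print the whole environment instead).
# Arguments: $1 - path of the env file
# Outputs:   stderr: an error if the file is unreadable, and a warning per
#            malformed line (line number only, never the content)
# Returns:   0 on success, 1 if the file cannot be read
#######################################
_load_envfile() {
    local file="$1" line name value lineno=0
    local re='^(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$'
    if [ ! -r "$file" ]; then
        echo "Error: cannot read env file: $file" >&2
        return 1
    fi
    # `|| [ -n "$line" ]` keeps a final line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
        line="${line%"${line##*[![:space:]]}"}"   # trim trailing whitespace (incl. CR)
        case "$line" in
            ''|'#'*) continue ;;
        esac
        if [[ "$line" =~ $re ]]; then
            name="${BASH_REMATCH[2]}"
            value="${BASH_REMATCH[3]}"
            if [[ "$value" == \"*\" ]] || [[ "$value" == \'*\' ]]; then
                value="${value:1:${#value}-2}"
            fi
            export "$name=$value"
        else
            echo "Warning: skipping malformed line $lineno in $file" >&2
        fi
    done < "$file"
    return 0
}

# If envfile is specified, read values from the file first
if [ -n "$envfile" ]; then
    _load_envfile "$envfile" || exit 1
fi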


<strong># Handle the decode option
</strong><strong>if [ "$decode_secret" = true ]; then
</strong><strong>        netosecret_to_decode=$(printenv "$envname")
</strong><strong>        if [ -z "$netosecret_to_decode" ]; then
</strong><strong>            read -s -p "Enter netosecret: " netosecret_to_decode      
</strong><strong>            if [ -z "$netosecret_to_decode" ]; then
</strong><strong>                echo "Error: No encoded string provided and $envname is not set in the environment."
</strong><strong>                exit 1
</strong><strong>            fi
</strong><strong>        fi
</strong><strong>    echo $netosecret_to_decode | base64 --decode
</strong><strong>    exit 0
</strong><strong>fi
</strong></code></pre>

{% endstep %}

{% step %}

### encode netosecret

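Builds a JSON object from the five values and encodes it with base64. Base64 is an encoding, not encryption: anyone who can read the resulting string or the saved env file can recover the shared secret and app key. The values are inserted into the JSON text as-is, so a value containing a double quote or backslash yields malformed JSON.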

<pre class="language-bash"><code class="lang-bash"># If --env is specified or envfile is read, read values from environment variables
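if [ "$use_env" = true ] || [ -n "$envfile" ]; then
    # A value found in the environment wins. When none of the fallback names
    # is set, the value already held (the built-in URL default, a positional
    # argument or a command-line option) is kept instead of being blanked.
    env_value=$(get_env_value false "NETO__API__URL" "NETO_URL" "NETO__URL")
    url="${env_value:-$url}"
    env_value=$(get_env_value false "NETO__API__APP_NAME" "NETO_APP_NAME" "NETO_APPNAME")
    appname="${env_value:-$appname}"
    env_value=$(get_env_value false "NETO__API__SHORTNAME" "NETO_SHORTNAME" "NETO__SHORTNAME")
    shortname="${env_value:-$shortname}"
    env_value=$(get_env_value true "NETO__API__CREDENTIALS__SHARED_SECRET" "NETO_SHAREDSECRET" "NETO__SHAREDSECRET" "NETO_SHARED_SECRET")
    sharedsecret="${env_value:-$sharedsecret}"
    env_value=$(get_env_value true "NETO__API__CREDENTIALS__APP_KEY" "NETO__APPKEY" "NETO__APP_KEY" "NETO_APPKEY")
    appkey="${env_value:-$appkey}"
    # The scratch variable last held a secret; do not leave it behind.
    unset env_value
fi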

# Prompt for required values if not set
[ -z "$shortname" ] &#x26;&#x26; read -p "Enter shortname: " shortname
[ -z "$appname" ] &#x26;&#x26; read -p "Enter appname: " appname
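# Secrets are read without echo (-s) and raw (-r): without -r, read treats
# backslashes as escapes and would silently alter a key that contains one.
if [ -z "$appkey" ]; then
  read -r -s -p "Enter appkey: " appkey
  echo
fi
if [ -z "$sharedsecret" ]; then
  read -r -s -p "Enter sharedsecret: " sharedsecret
  echo
fi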

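# Ensure all required fields are set. The URL is part of the encoded object
# as well, so it is checked together with the other four; the message goes
# to stderr so it cannot be mistaken for the netosecret on stdout.
if [ -z "$shortname" ] || [ -z "$appname" ] || [ -z "$url" ] || [ -z "$appkey" ] || [ -z "$sharedsecret" ]; then
    echo "Error: All fields (shortname, appname, url, appkey, sharedsecret) must be provided." >&2
    exit 1
fi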

<strong># Create the JSON object with the URL
</strong><strong>json=$(cat &#x3C;&#x3C;EOF
</strong><strong>{
</strong><strong>  "url": "$url",
</strong><strong>  "shortname": "$shortname",
</strong><strong>  "appname": "$appname",
</strong><strong>  "sharedsecret": "$sharedsecret",
</strong><strong>  "appkey": "$appkey"
</strong><strong>}
</strong><strong>EOF
</strong><strong>)
</strong><strong>
</strong><strong># Encode the JSON object to Base64
</strong><strong>encoded=$(echo -n "$json" | base64)
</strong>
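# Output based on provided options.
# Some base64 implementations (GNU coreutils) wrap their output at 76
# columns. The netosecret must be a single string to work as NAME=value,
# so any line breaks are removed; decoding is unaffected.
encoded="${encoded//$'\n'/}"
if [ "$print_output" ]; then
    printf '%s\n' "$encoded"
else
    # The file holds reversible credentials: create it owner-only, and
    # report a failed write instead of claiming success.
    if ! ( umask 077; printf '%s=%s\n' "$envname" "$encoded" > "$output_file" ); then
        echo "Error: could not write $output_file" >&2
        exit 1
    fi
    # umask only affects newly created files; tighten a pre-existing one.
    chmod 600 -- "$output_file" || echo "Warning: could not restrict permissions on $output_file" >&2
    echo "netosecret saved to $output_file"
fi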

# Drop the shell variables that held secret material (the JSON text, its
# encoded form and the two credentials) before the script ends.
unset json encoded appkey sharedsecret

</code></pre>

{% endstep %}
{% endstepper %}
