
plaintext secrets env variable

This commit is contained in:
Kyle Spearrin
2019-07-05 11:57:25 -04:00
parent 173129014a
commit e6aa07ba5c
3 changed files with 64 additions and 54 deletions

jslib

Submodule jslib updated: 2aa71f98a1...2830121471


@@ -25,6 +25,8 @@ import { NoopMessagingService } from 'jslib/services/noopMessaging.service';
import { TokenService } from 'jslib/services/token.service'; import { TokenService } from 'jslib/services/token.service';
import { UserService } from 'jslib/services/user.service'; import { UserService } from 'jslib/services/user.service';
import { StorageService as StorageServiceAbstraction } from 'jslib/abstractions/storage.service';
import { Program } from './program'; import { Program } from './program';
// tslint:disable-next-line // tslint:disable-next-line
@@ -35,7 +37,7 @@ export class Main {
logService: ConsoleLogService; logService: ConsoleLogService;
messagingService: NoopMessagingService; messagingService: NoopMessagingService;
storageService: LowdbStorageService; storageService: LowdbStorageService;
secureStorageService: KeytarSecureStorageService; secureStorageService: StorageServiceAbstraction;
i18nService: I18nService; i18nService: I18nService;
platformUtilsService: CliPlatformUtilsService; platformUtilsService: CliPlatformUtilsService;
constantsService: ConstantsService; constantsService: ConstantsService;
@@ -70,13 +72,15 @@ export class Main {
this.dataFilePath = path.join(process.env.HOME, '.config/' + applicationName); this.dataFilePath = path.join(process.env.HOME, '.config/' + applicationName);
} }
const plaintextSecrets = process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS === 'true';
this.i18nService = new I18nService('en', './locales'); this.i18nService = new I18nService('en', './locales');
this.platformUtilsService = new CliPlatformUtilsService('connector', packageJson); this.platformUtilsService = new CliPlatformUtilsService('connector', packageJson);
this.logService = new ConsoleLogService(this.platformUtilsService.isDev(), this.logService = new ConsoleLogService(this.platformUtilsService.isDev(),
(level) => process.env.BWCLI_DEBUG !== 'true' && level <= LogLevelType.Info); (level) => process.env.BITWARDENCLI_CONNECTOR_DEBUG !== 'true' && level <= LogLevelType.Info);
this.cryptoFunctionService = new NodeCryptoFunctionService(); this.cryptoFunctionService = new NodeCryptoFunctionService();
this.storageService = new LowdbStorageService(null, this.dataFilePath, true); this.storageService = new LowdbStorageService(null, this.dataFilePath, true);
this.secureStorageService = new KeytarSecureStorageService(applicationName); this.secureStorageService = plaintextSecrets ?
this.storageService : new KeytarSecureStorageService(applicationName);
this.cryptoService = new CryptoService(this.storageService, this.secureStorageService, this.cryptoService = new CryptoService(this.storageService, this.secureStorageService,
this.cryptoFunctionService); this.cryptoFunctionService);
this.appIdService = new AppIdService(this.storageService); this.appIdService = new AppIdService(this.storageService);
@@ -89,7 +93,8 @@ export class Main {
this.containerService = new ContainerService(this.cryptoService); this.containerService = new ContainerService(this.cryptoService);
this.authService = new AuthService(this.cryptoService, this.apiService, this.userService, this.tokenService, this.authService = new AuthService(this.cryptoService, this.apiService, this.userService, this.tokenService,
this.appIdService, this.i18nService, this.platformUtilsService, this.messagingService, true); this.appIdService, this.i18nService, this.platformUtilsService, this.messagingService, true);
this.configurationService = new ConfigurationService(this.storageService, this.secureStorageService); this.configurationService = new ConfigurationService(this.storageService, this.secureStorageService,
process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS !== 'true');
this.syncService = new SyncService(this.configurationService, this.logService, this.cryptoFunctionService, this.syncService = new SyncService(this.configurationService, this.logService, this.cryptoFunctionService,
this.apiService, this.messagingService, this.i18nService); this.apiService, this.messagingService, this.i18nService);
this.program = new Program(this); this.program = new Program(this);
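Review bot: The flag computed on the `const plaintextSecrets = ...` line is not reused where ConfigurationService is constructed, which re-reads `process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS !== 'true'` a second time; pass the existing value instead: `this.configurationService = new ConfigurationService(this.storageService, this.secureStorageService, !plaintextSecrets);`. When the flag is set, `secureStorageService` becomes the lowdb `storageService`, so whatever CryptoService and ConfigurationService write through it lands in the plaintext data file under `dataFilePath`, and nothing in this hunk tells the operator that; a comment such as `// Plaintext mode: secrets and key material are written unencrypted to dataFilePath` on the ternary, plus a startup warning through `this.logService` if ConsoleLogService exposes one, would make the trade-off explicit. The `BWCLI_DEBUG` to `BITWARDENCLI_CONNECTOR_DEBUG` rename on the log-filter line silently stops honouring the old variable for existing deployments, which is worth a changelog note. The enclosing constructor of `Main` starts before this hunk and continues past it.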


@@ -25,7 +25,8 @@ const Keys = {
}; };
export class ConfigurationService { export class ConfigurationService {
constructor(private storageService: StorageService, private secureStorageService: StorageService) { } constructor(private storageService: StorageService, private secureStorageService: StorageService,
private useSecureStorageForSecrets = true) { }
async getDirectory<T>(type: DirectoryType): Promise<T> { async getDirectory<T>(type: DirectoryType): Promise<T> {
const config = await this.storageService.get<T>(Keys.directoryConfigPrefix + type); const config = await this.storageService.get<T>(Keys.directoryConfigPrefix + type);
@@ -33,19 +34,21 @@ export class ConfigurationService {
return config; return config;
} }
switch (type) { if (this.useSecureStorageForSecrets) {
case DirectoryType.Ldap: switch (type) {
(config as any).password = await this.secureStorageService.get<string>(Keys.ldap); case DirectoryType.Ldap:
break; (config as any).password = await this.secureStorageService.get<string>(Keys.ldap);
case DirectoryType.AzureActiveDirectory: break;
(config as any).key = await this.secureStorageService.get<string>(Keys.azure); case DirectoryType.AzureActiveDirectory:
break; (config as any).key = await this.secureStorageService.get<string>(Keys.azure);
case DirectoryType.Okta: break;
(config as any).token = await this.secureStorageService.get<string>(Keys.okta); case DirectoryType.Okta:
break; (config as any).token = await this.secureStorageService.get<string>(Keys.okta);
case DirectoryType.GSuite: break;
(config as any).privateKey = await this.secureStorageService.get<string>(Keys.gsuite); case DirectoryType.GSuite:
break; (config as any).privateKey = await this.secureStorageService.get<string>(Keys.gsuite);
break;
}
} }
return config; return config;
} }
@@ -53,41 +56,43 @@ export class ConfigurationService {
async saveDirectory(type: DirectoryType, async saveDirectory(type: DirectoryType,
config: LdapConfiguration | GSuiteConfiguration | AzureConfiguration | OktaConfiguration): Promise<any> { config: LdapConfiguration | GSuiteConfiguration | AzureConfiguration | OktaConfiguration): Promise<any> {
const savedConfig: any = Object.assign({}, config); const savedConfig: any = Object.assign({}, config);
switch (type) { if (this.useSecureStorageForSecrets) {
case DirectoryType.Ldap: switch (type) {
if (savedConfig.password == null) { case DirectoryType.Ldap:
await this.secureStorageService.remove(Keys.ldap); if (savedConfig.password == null) {
} else { await this.secureStorageService.remove(Keys.ldap);
await this.secureStorageService.save(Keys.ldap, savedConfig.password); } else {
savedConfig.password = StoredSecurely; await this.secureStorageService.save(Keys.ldap, savedConfig.password);
} savedConfig.password = StoredSecurely;
break; }
case DirectoryType.AzureActiveDirectory: break;
if (savedConfig.key == null) { case DirectoryType.AzureActiveDirectory:
await this.secureStorageService.remove(Keys.azure); if (savedConfig.key == null) {
} else { await this.secureStorageService.remove(Keys.azure);
await this.secureStorageService.save(Keys.azure, savedConfig.key); } else {
savedConfig.key = StoredSecurely; await this.secureStorageService.save(Keys.azure, savedConfig.key);
} savedConfig.key = StoredSecurely;
break; }
case DirectoryType.Okta: break;
if (savedConfig.token == null) { case DirectoryType.Okta:
await this.secureStorageService.remove(Keys.okta); if (savedConfig.token == null) {
} else { await this.secureStorageService.remove(Keys.okta);
await this.secureStorageService.save(Keys.okta, savedConfig.token); } else {
savedConfig.token = StoredSecurely; await this.secureStorageService.save(Keys.okta, savedConfig.token);
} savedConfig.token = StoredSecurely;
break; }
case DirectoryType.GSuite: break;
if (savedConfig.privateKey == null) { case DirectoryType.GSuite:
await this.secureStorageService.remove(Keys.gsuite); if (savedConfig.privateKey == null) {
} else { await this.secureStorageService.remove(Keys.gsuite);
(config as GSuiteConfiguration).privateKey = savedConfig.privateKey = } else {
savedConfig.privateKey.replace(/\\n/g, '\n'); (config as GSuiteConfiguration).privateKey = savedConfig.privateKey =
await this.secureStorageService.save(Keys.gsuite, savedConfig.privateKey); savedConfig.privateKey.replace(/\\n/g, '\n');
savedConfig.privateKey = StoredSecurely; await this.secureStorageService.save(Keys.gsuite, savedConfig.privateKey);
} savedConfig.privateKey = StoredSecurely;
break; }
break;
}
} }
await this.storageService.save(Keys.directoryConfigPrefix + type, savedConfig); await this.storageService.save(Keys.directoryConfigPrefix + type, savedConfig);
} }
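Review bot: In plaintext mode the GSuite private key is stored without the `\\n`-to-newline normalization, because that `replace(/\\n/g, '\n')` now sits inside the `if (this.useSecureStorageForSecrets)` branch of `saveDirectory`, so the same input yields a different stored key depending on the env flag. Hoist it before the branch so both paths agree: `if (type === DirectoryType.GSuite && savedConfig.privateKey != null) { (config as GSuiteConfiguration).privateKey = savedConfig.privateKey = savedConfig.privateKey.replace(/\\n/g, '\n'); }` and drop the replace from the case body. Switching the flag on an existing install also looks unhandled: a config saved in secure mode carries the `StoredSecurely` sentinel in place of the secret, and `getDirectory` in plaintext mode would presumably return that sentinel as the password or key, while the real secret stays behind in keytar; a short comment on the constructor parameter stating that the mode must not be changed without re-saving the directory configuration would at least document the constraint.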