fixes and improvements from work setup

2026-04-09 09:38:33 +02:00
parent 2afffb0488
commit 214efb0e8a
5 changed files with 158 additions and 36 deletions
--- a/zsh/.zsh_aliases
+++ b/zsh/.zsh_aliases
@@ -17,12 +17,84 @@ for index ({1..9}) alias "c$index"="cd +${index}"; unset index
 # shfmt:ignore:end

 alias kpget="keepassxc-cli show -a Password ${KEEPASS_DB}"
+alias kptotp="keepassxc-cli show -t ${KEEPASS_DB}"

+# --- KeePassXC cached session (password stored in OS keychain) ---
+# macOS: security (Keychain)
+# Linux: secret-tool (GNOME Keyring via libsecret-tools)
+_KP_KEYCHAIN_SVC="keepassxc-cli-cache"
+_KP_KEYCHAIN_ACCT="master-password"
+
+_kp_pw_store() {
+    case "$(uname -s)" in
+        Darwin)
+            security add-generic-password -U \
+                -s "$_KP_KEYCHAIN_SVC" -a "$_KP_KEYCHAIN_ACCT" -w "$1"
+            ;;
+        Linux)
+            echo -n "$1" | secret-tool store --label="$_KP_KEYCHAIN_SVC" \
+                service "$_KP_KEYCHAIN_SVC" account "$_KP_KEYCHAIN_ACCT"
+            ;;
+    esac
+}
+
+_kp_pw_get() {
+    case "$(uname -s)" in
+        Darwin)
+            security find-generic-password \
+                -s "$_KP_KEYCHAIN_SVC" -a "$_KP_KEYCHAIN_ACCT" -w 2>/dev/null
+            ;;
+        Linux)
+            secret-tool lookup \
+                service "$_KP_KEYCHAIN_SVC" account "$_KP_KEYCHAIN_ACCT" 2>/dev/null
+            ;;
+    esac
+}
+
+_kp_pw_clear() {
+    case "$(uname -s)" in
+        Darwin)
+            security delete-generic-password \
+                -s "$_KP_KEYCHAIN_SVC" -a "$_KP_KEYCHAIN_ACCT" &>/dev/null
+            ;;
+        Linux)
+            secret-tool clear \
+                service "$_KP_KEYCHAIN_SVC" account "$_KP_KEYCHAIN_ACCT" 2>/dev/null
+            ;;
+    esac
+}
+
+_kp_run() {
+    local pw stderr_redir="/dev/null"
+    [[ -n "$KP_DEBUG" ]] && stderr_redir="/dev/stderr"
+    pw=$(_kp_pw_get)
+    if [[ -z "$pw" ]]; then
+        read -rs "pw?KeePassXC master password: " </dev/tty && echo
+        _kp_pw_store "$pw" || return 1
+    fi
+    echo "$pw" | keepassxc-cli "$@" 2>"$stderr_redir"
+}
+
+kpclose() { _kp_pw_clear && echo "KeePassXC session cleared."; }
+
+kpgets()  { _kp_run show -sa Password "$KEEPASS_DB" "$1"; }
+kptotps() { _kp_run show -st "$KEEPASS_DB" "$1"; }
+
+# run with KP_DEBUG=1 to troubleshoot if needed
 function load_gemini() {
-    export GEMINI_API_KEY=$(kpget "Gemini API Key")
+    export GEMINI_API_KEY=$(kpgets "Gemini API Key")
    echo "Gemini API Key loaded into environment!"
 }

+function totp() {
+    case "$1" in
+        hcf) kptotps "personal/Dev/AWS Console" ;;
+        aws) kptotps "work/Own/AWS console" ;;
+        pci) kptotps "work/Own/PCI/AWS Workspaces" ;;
+        *)   echo "Usage: totp {hcf|aws|pci}" >&2; return 1 ;;
+    esac
+}
+
 _get_aws_config_path() {
    local config_path="${AWS_CONFIG_FILE:-$HOME/.aws/config}"
    echo "$config_path"