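#!/bin/bash
# To ssh to a host using a key stored in Bitwarden
# Key must be stored as a Secure Note, with the private key as an attachment to the note
# (the attachment's file name must equal <keyname>; a custom field named
# "Passphrase" on the same item holds the key's passphrase)
# Bitwarden vault must be unlocked prior to use
#
# Usage: <script> <keyname> <username> <hostname>
#
# Requires: bw, jq, expect, ssh, ssh-add (and a running ssh-agent).
# Exit status: 1 on a setup error, 2 on bad usage, otherwise the status of ssh.

set -euo pipefail

# Everything this script creates (directories, the key file) is owner-only
# from the moment it exists, not only after a later chmod.
umask 077

# Private scratch directory holding the downloaded key; set in main().
key_dir=""

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

usage() {
  printf 'Usage: %s <keyname> <username> <hostname>\n' "${0##*/}" >&2
  exit 2
}

# Remove the downloaded private key. Installed as the EXIT trap so the key
# is deleted on every exit path, not only after ssh returns normally.
cleanup() {
  if [[ -n "${key_dir}" ]]; then
    rm -rf -- "${key_dir}"
  fi
}

#Check to see if user is logged in to Bitwarden and vault is unlocked
check_login() {
  local vault_state
  vault_state=$(bw status | jq -r '.status') || vault_state=""
  if [[ "${vault_state}" == "unlocked" ]]; then
    echo "Bitwarden Vault unlocked, continuing..."
  else
    echo "Please login with 'bw unlock'"
    exit 1
  fi
}

main() {
  (( $# >= 3 )) || usage

  #Set variables
  local key_name=$1
  local username=$2
  local hostname=$3
  [[ -n "${key_name}" && -n "${username}" && -n "${hostname}" ]] || usage
  # A leading '-' would be read by bw as an option rather than an item name.
  [[ "${key_name}" != -* ]] || die "keyname must not start with '-'"
  : "${HOME:?HOME must be set}"

  # File name for the key on disk: whitespace stripped, last path component only.
  local key_save_name=${key_name//[[:space:]]/}
  key_save_name=${key_save_name##*/}
  [[ -n "${key_save_name}" ]] || key_save_name="key"

  local tool
  for tool in bw jq expect ssh ssh-add; do
    command -v "${tool}" >/dev/null || die "Required tool not found: ${tool}"
  done

  trap cleanup EXIT
  # Turn signals into a normal exit so the EXIT trap removes the key file.
  trap 'exit 129' HUP
  trap 'exit 130' INT
  trap 'exit 143' TERM

  check_login

  # Fetch the item once and reuse it; the JSON contains the passphrase, so it
  # is piped from the printf builtin instead of being passed on a command line.
  local item_json item_id attachment_id ssh_passphrase
  item_json=$(bw get item "${key_name}") \
    || die "Could not fetch Bitwarden item: ${key_name}"
  item_id=$(printf '%s' "${item_json}" | jq -r '.id') \
    || die "Could not read the item id"
  # --arg hands the key name to jq as data, so quotes or jq syntax inside the
  # name cannot change the filter.
  attachment_id=$(printf '%s' "${item_json}" | jq -r --arg name "${key_name}" \
    '[.attachments[]? | select(.fileName == $name) | .id][0] // empty') \
    || die "Could not read the attachment list"
  [[ -n "${attachment_id}" ]] \
    || die "Item '${key_name}' has no attachment named '${key_name}'"

  #store passphrase in a variable
  ssh_passphrase=$(printf '%s' "${item_json}" | jq -r \
    '[.fields[]? | select(.name == "Passphrase") | .value][0] // empty') \
    || die "Could not read the Passphrase field"
  unset item_json

  #Fetch private key and place it in a private directory under $HOME/.ssh
  # mktemp -d gives an unpredictable, owner-only directory, so the key is never
  # readable by other users and never sits under a guessable name.
  mkdir -p -- "${HOME}/.ssh"
  key_dir=$(mktemp -d "${HOME}/.ssh/bw-key.XXXXXX") \
    || die "Could not create a directory for the key"
  local key_file="${key_dir}/${key_save_name}"
  bw get attachment "${attachment_id}" --itemid "${item_id}" --output "${key_file}" \
    || die "Could not download the key attachment"
  chmod 0600 -- "${key_file}"

  #Add the key to ssh-agent
  # The here-document is quoted and the passphrase travels in the environment,
  # so neither the shell nor Tcl interprets characters inside it ($, [, ", \).
  # A failure here is reported but not fatal: ssh is still attempted, as before.
  if ! BW_SSH_KEYFILE="${key_file}" BW_SSH_PASSPHRASE="${ssh_passphrase}" expect <<'EOF'
set passphrase $env(BW_SSH_PASSPHRASE)
unset env(BW_SSH_PASSPHRASE)
spawn ssh-add -t 30 $env(BW_SSH_KEYFILE)
expect "Enter passphrase"
send -- "$passphrase\r"
expect eof
EOF
  then
    printf 'Warning: adding the key to ssh-agent failed\n' >&2
  fi
  unset ssh_passphrase

  #SSH to the host
  # '--' keeps the destination from being parsed as an ssh option.
  local ssh_status=0
  ssh -- "${username}@${hostname}" || ssh_status=$?

  #Remove keyfile: done by the EXIT trap (cleanup).
  return "${ssh_status}"
}

main "$@"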