From 05a5fa95d374ed5a15688770a4d594b5f1f9364f Mon Sep 17 00:00:00 2001
From: fer
Date: Wed, 6 Mar 2024 18:54:37 +0100
Subject: [PATCH 1/4] added shareconfig cmd
---
 .gitignore | 4 +++-
 bitwarden.sh | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 05f4ccb6..3eb6a76c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 # Secrets file for act (gh actions local run tool)
-.secrets
\ No newline at end of file
+.secrets
+bwdata
+bwdata.zip
\ No newline at end of file
diff --git a/bitwarden.sh b/bitwarden.sh
index 936bc4dc..01e6828c 100755
--- a/bitwarden.sh
+++ b/bitwarden.sh
@@ -139,6 +139,7 @@ updateconf
 uninstall
 renewcert
 rebuild
+shareconfig
 help
 See more at https://bitwarden.com/help/article/install-on-premise/#script-commands-reference
@@ -195,6 +196,9 @@ case $1 in
 checkOutputDirExists
 $SCRIPTS_DIR/run.sh uninstall $OUTPUT
 ;;
+ "shareconfig")
+ checkOutputDirExists
+ ;;
 "help")
 listCommands
 ;;
From b8ef913aaa9acf39496ab328d8ec2a2a733dc6b6 Mon Sep 17 00:00:00 2001
From: fer
Date: Wed, 6 Mar 2024 18:55:36 +0100
Subject: [PATCH 2/4] gitignore removed bwdata rules
---
 .gitignore | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3eb6a76c..05f4ccb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,2 @@
 # Secrets file for act (gh actions local run tool)
-.secrets
-bwdata
-bwdata.zip
\ No newline at end of file
+.secrets
\ No newline at end of file
From c90a9de7f0c402c79badeed0bb1c9888318d5aae Mon Sep 17 00:00:00 2001
From: fer
Date: Thu, 7 Mar 2024 00:45:24 +0100
Subject: [PATCH 3/4] redacted secrets from config files and produced tarball
---
 bitwarden.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/bitwarden.sh b/bitwarden.sh
index 01e6828c..4a758dec 100755
--- a/bitwarden.sh
+++ b/bitwarden.sh
@@ -123,6 +123,35 @@ function checkOutputDirNotExists() {
 fi
 }
+function shareConfig() {
+ TEMP_DIR=$(mktemp -d)
+ BASE_DIR=$(realpath "$OUTPUT")
+ BWDATA_PATH=$(basename "$BASE_DIR")
+
+ while IFS= read -r -d $'\0' file; do
+ rel_path="${file#$BASE_DIR/}"
+ target_path="$TEMP_DIR/$BWDATA_PATH/$rel_path"
+ mkdir -p "$(dirname "$target_path")"
+ cp "$file" "$target_path"
+ sed -i -e 's/\(globalSettings__duo__aKey=\).*/\1REDACTED/' \
+ -e 's/\(SA_PASSWORD=\).*/\1REDACTED/' \
+ -e 's/\(Password=\).*\(;.*\)/\1REDACTED\2/' \
+ -e 's/\(globalSettings__identityServer__certificatePassword=\).*/\1REDACTED/' \
+ -e 's/\(globalSettings__internalIdentityKey=\).*/\1REDACTED/' \
+ -e 's/\(globalSettings__oidcIdentityClientKey=\).*/\1REDACTED/' \
+ -e 's/\(globalSettings__mail__smtp__username=\).*/\1REDACTED/' \
+ -e 's/\(globalSettings__mail__smtp__password=\).*/\1REDACTED/' \
+ "$target_path"
+ done < <(find "$BASE_DIR" -type f \( -iname "*.conf" -o -iname "*.env" -o -iname "*.xml" -o -iname "*.yml" \) -print0)
+
+ OUTPUT_FILE="bitwarden-configs-redacted-$(date +%Y%m%d%H%M%S).tar.gz"
+ tar -czf "$OUTPUT_FILE" -C "$TEMP_DIR" .
+ rm -rf "$TEMP_DIR"
+
+ echo "The redacted configuration files have been successfully compressed and saved as '$OUTPUT_FILE'."
+}
+
+
 function listCommands() {
 cat << EOT
 Available commands:
@@ -198,6 +227,7 @@ case $1 in
 ;;
 "shareconfig")
 checkOutputDirExists
+ shareConfig
 ;;
 "help")
 listCommands
From 91f2b0489cc6b7dfd3eb8c7904b50bb1cedb0906 Mon Sep 17 00:00:00 2001
From: fer
Date: Fri, 8 Mar 2024 17:28:19 +0100
Subject: [PATCH 4/4] added warning after producing tarball
---
 bitwarden.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bitwarden.sh b/bitwarden.sh
index 4a758dec..8dacdf4a 100755
--- a/bitwarden.sh
+++ b/bitwarden.sh
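Review bot: The redaction in `shareConfig` (hunk `@@ -123,6 +123,35 @@`) fails open: each file is copied in full and the exit status of `sed -i` is never checked, so a file on which the edit fails is still packed into the tarball unredacted (unless the script runs under `set -e`, which is not visible here). Drop the copy when the edit fails by ending the sed command with `"$target_path" || { rm -f -- "$target_path"; echo "Skipped $rel_path: redaction failed" >&2; }`. The `Password=` expression also matches only when a `;` follows the value, so a password that is the last field on its line is left in place; an extra expression such as `-e 's/\(Password=\)[^;]*$/\1REDACTED/'` would cover that case. The key list is a denylist, so any secret-bearing setting it does not name in the copied `.conf`/`.env`/`.xml`/`.yml` files passes through unchanged, and a comment above the sed call should say so.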
@@ -148,7 +148,9 @@ function shareConfig() {
 tar -czf "$OUTPUT_FILE" -C "$TEMP_DIR" .
 rm -rf "$TEMP_DIR"
- echo "The redacted configuration files have been successfully compressed and saved as '$OUTPUT_FILE'."
+ echo "The redacted configuration files have been compressed and saved as '$OUTPUT_FILE'."
+ echo "We have attempted to automatically mask sensitive values from your configuration files, however please ensure you check this before sharing."
+ echo "You may wish to remove these configuration files from the provided."
 }
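Review bot: The last added message, `You may wish to remove these configuration files from the provided.`, breaks off after "the provided" and does not tell the operator what to remove or from where. Presumably it means that unwanted files can be deleted from the archive before it is shared; if so, say that, for example `echo "You may wish to remove any configuration files you do not want to share from '$OUTPUT_FILE'."`. Because the warning concedes the archive may still hold secrets, the `tar` context line above could also create it owner-only, `(umask 077; tar -czf "$OUTPUT_FILE" -C "$TEMP_DIR" .)`. The body of `shareConfig` starts outside this hunk.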