
1 Commits (bef7206642a8d85a193d8b8590234a7537355fbe)

Author SHA1 Message Date
Dustin b30b38f76f secretsocket: Handle secrets via external process
`xactfetch` has three different ways of reading secret values:

* From environment variables
* By reading the contents of a file (specified by environment variables)
* By looking them up in the Bitwarden vault

This is very cumbersome to work with, especially when trying to
troubleshoot using the container image locally.

To make this easier, I've factored out all secret lookup functionality
into a separate process.  This process listens on a UNIX socket and
implements a very simple secret lookup protocol.  The client
(`xactfetch` itself in this case) sends a string key, identifying the
secret it wants to look up, terminated by a single line feed character.
The `secretsocket` server looks up the secret associated with that key,
using the method defined in a TOML configuration file.  There are four
supported methods:

* Environment variables
* External programs
* File contents
* Static strings

The value returned by the corresponding method is then sent back to the
client via the socket connection, again as a string terminated with a
line feed.

Moving the secret handling into a separate process simplifies the
environment configuration needed in order to run `xactfetch`.  Notably,
when running it in a container, only the `secretsocket` socket needs to
be mounted into the container.  Since `rbw` is executed by the server
process now, rather than `xactfetch` directly, the vault does not need
to be present in the `xactfetch` container.  Indeed, none of the secret
values need to be present in the container.
2024-07-10 14:54:23 -05:00