b30b38f76f0a7f79166bbbb53c4cd499d6cb5d6b
`xactfetch` has three different ways of reading secret values:

* From environment variables
* By reading the contents of a file (specified by environment variables)
* By looking them up in the Bitwarden vault

This is very cumbersome to work with, especially when trying to troubleshoot using the container image locally.

To make this easier, I've factored out all secret lookup functionality into a separate process. This process listens on a UNIX socket and implements a very simple secret lookup protocol. The client (`xactfetch` itself in this case) sends a string key, identifying the secret it wants to look up, terminated by a single line feed character. The `secretsocket` server looks up the secret associated with that key, using the method defined in a TOML configuration file. There are four supported methods:

* Environment variables
* External programs
* File contents
* Static strings

The value returned by the corresponding method is then sent back to the client via the socket connection, again as a string terminated with a line feed.

Moving the secret handling into a separate process simplifies the environment configuration needed in order to run `xactfetch`. Notably, when running it in a container, only the `secretsocket` socket needs to be mounted into the container. Since `rbw` is executed by the server process now, rather than `xactfetch` directly, the vault does not need to be present in the `xactfetch` container. Indeed, none of the secret values need to be present in the container.
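The line-feed-terminated lookup exchange described in the commit message, sketched as an added example that is not the repository's own `secretsocket` or `xactfetch` code. The table layout (standing in for the TOML file), the key names, `DEMO_BANK_PASSWORD`, the rejection of multi-line values, and closing the connection without a reply on a failed lookup are all assumptions.

```python
import os
import socket
import subprocess
import tempfile
import threading
from pathlib import Path

METHODS = {  # one callable per lookup method listed in the commit message
    "static": lambda e: e["value"],
    "env": lambda e: os.environ[e["name"]],
    "file": lambda e: Path(e["path"]).read_text(encoding="utf-8"),
    "program": lambda e: subprocess.run(e["argv"], check=True, capture_output=True, text=True).stdout,
}
# Constructed table standing in for the TOML file, whose layout the page does not show.
SECRETS = {
    "bank.username": {"method": "static", "value": "alice"},
    "bank.password": {"method": "env", "name": "DEMO_BANK_PASSWORD"},
}

def resolve(key, table=SECRETS):
    entry = table[key]
    value = METHODS[entry["method"]](entry).rstrip("\n")  # files/programs end in LF
    if "\n" in value:  # an embedded line feed would be read as the end of the reply
        raise ValueError("multi-line secret cannot be framed as one line")
    return value

def serve(listener, count):
    for _ in range(count):  # one key line in, one value line out, per connection
        conn, _addr = listener.accept()
        with conn, conn.makefile("rb") as reader:
            try:
                key = reader.readline().decode().rstrip("\n")
                conn.sendall(resolve(key).encode() + b"\n")
            except (KeyError, ValueError, OSError, subprocess.SubprocessError):
                pass  # assumption: a failed lookup closes the socket with no reply

def fetch(path, key):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(key.encode() + b"\n")
        with s.makefile("rb") as reader:
            line = reader.readline()
    return line[:-1].decode() if line.endswith(b"\n") else None  # None: no full reply

def roundtrip(keys):
    with tempfile.TemporaryDirectory() as d, socket.socket(socket.AF_UNIX) as listener:
        listener.bind(os.path.join(d, "s.sock"))  # the only path a client needs to see
        listener.listen()
        threading.Thread(target=serve, args=(listener, len(keys)), daemon=True).start()
        return {k: fetch(listener.getsockname(), k) for k in keys}
```

Because the reply is framed only by its trailing line feed, the client treats a closed connection with no terminated line as a failed lookup rather than as an empty secret.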