[PM-8475] Add script to check for and import vault items from a specified file during vault setup (#345)

* add script to check for and import vault items from a specified file

* tweak scripts for performance & stability

* add import file generation guidance to example dotfile

* cleanup

Author: jprusik

.env.example

@@ -27,6 +27,11 @@ VAULT_HOST_URL="https://localhost"
 # Used to match a remote server configuration.
 REMOTE_VAULT_CONFIG_MATCH="https://localhost:8443/api/config"
 
+# (Optional) Specify the root directory filename for the Bitwarden vault JSON import
+# you'd like to use (e.g. "vault.json")
+# Mock data generation tool: https://www.passwordvaultgenerator.com/
+VAULT_IMPORT_FILE=""
+
 # The extension that will have tests running against it
 EXTENSION_BUILD_PATH="clients/apps/browser/build"
 

.gitignore

@@ -6,6 +6,7 @@ Thumbs.db
 .env
 dev-server.local.pem
 tmp-vault-seeder
+vault.json
 ssl.crt
 ssl.key
 

package.json

@@ -42,6 +42,7 @@
     "seed:vault:account": "NODE_EXTRA_CA_CERTS=ssl.crt ts-node ./scripts/create-account.ts",
     "seed:vault:ciphers": "ts-node ./scripts/vault-seeder.ts",
     "seed:vault:ciphers:refresh": "./scripts/cli-serve-helper.sh && REFRESH=true ts-node ./scripts/vault-seeder.ts && kill $(ps -e | grep 'bw serve' | grep -v 'vault-seeder' | awk '{print $1}')",
+    "seed:vault:import": "./scripts/vault-import.sh",
     "setup:all": "./scripts/first-time-setup.sh",
     "setup:extension": "rimraf clients && git clone https://github.com/bitwarden/clients.git clients && cd clients && npm ci",
     "setup:install": "ts-node ./scripts/generate-installation.ts",

scripts/cli-serve-helper.sh

@@ -33,7 +33,7 @@ BW_COMMAND status
 # shellcheck disable=SC2086 # we want to pass the server host url as a single argument
 BW_COMMAND logout --quiet # In case there's an active outdated session (e.g. docker container was rebuilt)
 BW_COMMAND config server $VAULT_HOST || true # no error if already configured
-BW_COMMAND login "$VAULT_EMAIL" "$VAULT_PASSWORD" --nointeraction || true # no error if already logged in
+BW_COMMAND login "$VAULT_EMAIL" "$VAULT_PASSWORD" --nointeraction --quiet || true # no error if already logged in
 BW_COMMAND sync || true # no error if already synced
 
 # Start Vault Management API

scripts/first-time-setup.sh

@@ -15,5 +15,6 @@ npm run seed:vault:account
 npm run start:cli
 npm run seed:vault:ciphers
 npm run stop:cli
+npm run seed:vault:import
 
 npm run setup:test-site

scripts/vault-import.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+ROOT_DIR=$(git rev-parse --show-toplevel)
+
+# shellcheck source=.env
+set -o allexport
+. $ROOT_DIR/.env
+set +o allexport
+
+export NODE_EXTRA_CA_CERTS=$ROOT_DIR/$BW_SSL_CERT
+
+BW_COMMAND() {
+  bw "$@"
+}
+
+if [[ -z "${VAULT_IMPORT_FILE}" ]]; then
+    printf "No vault import file was specified. Skipping vault import...\n\n"
+
+    exit 0
+fi
+
+chmod +r $VAULT_IMPORT_FILE
+
+export VAULT_HOST=$VAULT_HOST_URL:$VAULT_HOST_PORT
+
+if [[ -z "${VAULT_HOST_URL:-}" ]]; then
+    echo "VAULT_HOST_URL is not set, using local dev values"
+    export VAULT_HOST='--api http://localhost:4000 --identity http://localhost:33656 --web-vault https://localhost:8080 --events http://localhost:46273'
+fi
+
+BW_COMMAND status
+
+# Login to the vault
+# shellcheck disable=SC2086 # we want to pass the server host url as a single argument
+BW_COMMAND logout --quiet # In case there's an active outdated session (e.g. docker container was rebuilt)
+BW_COMMAND config server $VAULT_HOST || true # no error if already configured
+
+BW_COMMAND login "$VAULT_EMAIL" "$VAULT_PASSWORD" --nointeraction --quiet || true # no error if already logged in
+BW_COMMAND sync || true # no error if already synced
+
+# Unlock and set session token
+export BW_SESSION=$(
+    BW_COMMAND unlock --passwordenv VAULT_PASSWORD --raw --nointeraction
+)
+
+printf "Importing...\n"
+BW_COMMAND import bitwardenjson "${VAULT_IMPORT_FILE}"
+
+BW_COMMAND logout --quiet