v1.2.0 describe installation and improve secrets management

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [1.2.0] - 2024-01-18
+### Changed
+- `main.go` rewrite secret at keyring if set by flag.
+- `README.md` describe installation process.
+
 ## [1.1.1] - 2023-07-27
 ### Fixed
 - `nmcli.go` **nmcliConnectionActive** search of element in slice.

README.md

@@ -9,3 +9,12 @@ Then you can start it as a daemon and it will bring up that VPN connection using
 ## Systemd
 I want to use it as systemd service and I prepared a unit file plus a piece of audit config, but both methods of providing password (--ask, passwd-file) don't work when `roly-poly-vpn` is started by systemd.
 I'm going to find another way or fix some of these methods but it doesn't work as expected right now. So run it from your session somehow.
+
+## Installation
+- Import your OpenVPN configuration to NetworkManager configuration.
+- Set your login to the NM VPN config and set to "Ask password every time".
+- Download from binary from [release page](https://github.com/nixargh/tired/releases).
+- Set execution bit for binary: ```chmod +x ./roly-poly-vpn```
+- Move somewhere to your **PATH**. At Ubuntu I prefer `~/.local/bin/` directory: ```mv ./roly-poly-vpn ~/.local/bin/```
+- Run it and answer questions about NetworkManager VPN config name, ypur LDAP password and OTP secret.
+If you make a mistake and want to change the value just run **roly-poly-vpn** with flag setting this secret and it will overwritten at your keyring. Or as alternative **seahorse** utility, which is a GUI keyring manager, could be used.

main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bufio"
 	"flag"
 	"fmt"
 	"os"
@@ -20,7 +21,7 @@ import (
 	//	"github.com/pkg/profile"
 )
 
-var version string = "1.1.1"
+var version string = "1.2.0"
 
 var clog *log.Entry
 
@@ -64,18 +65,10 @@ func main() {
 	clog.Info("Let's have some fun with 2FA VPN via NM!")
 
 	// Validate variables
-	if config == "" {
-		clog.Info("Hint: Use 'nmcli connection' to find out your config names.")
-		config = promptForSecret("config")
-	}
-
-	if password == "" {
-		password = promptForSecret("password")
-	}
-
-	if otpSecret == "" {
-		otpSecret = promptForSecret("otpSecret")
-	}
+	clog.Info("Hint: Use 'nmcli connection' to find out your config names.")
+	config = manageParameter("config", config, false)
+	password = manageParameter("password", password, true)
+	otpSecret = manageParameter("otpSecret", otpSecret, true)
 
 	go waitForDeath(config)
 
@@ -104,31 +97,59 @@ func main() {
 	}
 }
 
-func promptForSecret(secret string) string {
+func manageParameter(parameter string, parameterValue string, hide bool) string {
 	service := "roly-poly-vpn"
-	var secretValue string
 	var err error
 
-	secretValue, err = keyring.Get(service, secret)
+	// If value is empty - read from keyring or ask
+	if parameterValue == "" {
+		parameterValue, err = keyring.Get(service, parameter)
 
-	if err == nil && secretValue != "" {
-		clog.WithFields(log.Fields{"secret": secret}).Info("Got secret value from keyring.")
-		return secretValue
-	}
+		if err == nil && parameterValue != "" {
+			clog.WithFields(log.Fields{"parameter": parameter}).Info("Got parameter value from keyring.")
+			return parameterValue
+		}
+
+		fmt.Printf("New '%v' value: ", parameter)
 
-	fmt.Printf("New '%v' value: ", secret)
-	bytespw, _ := term.ReadPassword(int(syscall.Stdin))
-	secretValue = string(bytespw)
-	fmt.Print("\n")
+		if hide {
+			bytespw, err := term.ReadPassword(int(syscall.Stdin))
+			if err != nil {
+				log.Fatal(err)
+				clog.WithFields(log.Fields{
+					"parameter": parameter,
+					"error":     err,
+				}).Fatal("Reading hidden parameter value from cmd failed.")
+			}
+			parameterValue = string(bytespw)
+		} else {
+			scanner := bufio.NewScanner(os.Stdin)
+			scanner.Scan()
+			err := scanner.Err()
+			if err != nil {
+				log.Fatal(err)
+				clog.WithFields(log.Fields{
+					"parameter": parameter,
+					"error":     err,
+				}).Fatal("Reading parameter value from cmd failed.")
+			}
+			parameterValue = scanner.Text()
+		}
+		fmt.Print("\n")
+	}
 
-	err = keyring.Set(service, secret, secretValue)
+	// Save value gotten as flag or asked
+	err = keyring.Set(service, parameter, parameterValue)
 
 	if err != nil {
-		clog.WithFields(log.Fields{"secret": secret, "error": err}).Fatal("Can't save password to keyring.")
+		clog.WithFields(log.Fields{
+			"parameter": parameter,
+			"error":     err,
+		}).Fatal("Can't save password to keyring.")
 	}
 
-	clog.WithFields(log.Fields{"secret": secret}).Info("Secret saved to keyring.")
-	return secretValue
+	clog.WithFields(log.Fields{"parameter": parameter}).Info("Parameter's value saved to keyring.")
+	return parameterValue
 }
 
 func GeneratePassCode(secret string) string {