Save zanzifile passwords to file

lib/zanzibar.rb

@@ -110,7 +110,7 @@ module Zanzibar
       raise "There was an error getting the secret with id #{scrt_id}: #{err}"
     end
 
-    ## Retrieve a simple password from a secret
+    ## Retrieve a simple password from a secret, and save it to a file if requested
     # Will raise an error if there are any issues
     # @param [Integer] the secret id
     # @return [String] the password for the given secret
@@ -123,12 +123,26 @@ module Zanzibar
       raise "There was an error getting the password for secret #{scrt_id}: #{err}"
     end
 
+    ## Get the password, save it to a file, and return the path to the file.
+    def get_password_and_save(scrt_id, path, name)
+      password = get_password(scrt_id)
+      save_password_to_file(password, path, name)
+      return File.join(path, name)
+    end
+
     def write_secret_to_file(path, secret_response)
       File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
         file.puts Base64.decode64(secret_response[:file_attachment])
       end
     end
 
+    ## Write the password to a file. Intended for use with a Zanzifile
+    def save_password_to_file(password, path, name)
+      File.open(File.join(path, name), 'wb') do |file|
+        file.puts password
+      end
+    end
+
     def get_secret_item_by_field_name(secret_items, field_name)
       secret_items.each do |item|
         return item if item[:field_name] == field_name

lib/zanzibar/actions/bundle.rb

@@ -20,6 +20,7 @@ module Zanzibar
       def run
         ensure_zanzifile
         load_required_secrets
+        ensure_secrets_path
         validate_environment
         load_resolved_secrets if resolved_file?
         validate_local_secrets unless @update
@@ -42,6 +43,10 @@ module Zanzibar
         debug { "#{ZANZIFILE_NAME} located..." }
       end
 
+      def ensure_secrets_path
+        FileUtils.mkdir_p(@settings['secret_dir'])
+      end
+
       def resolved_file?
         File.exist? RESOLVED_NAME
       end
@@ -80,24 +85,30 @@ module Zanzibar
 
         downloaded_secrets = {}
         remote_secrets.each do |key, secret|
+          puts "Downloading #{key} - #{secret['id']}"
           downloaded_secrets[key] = download_one_secret(secret['id'],
                                                         secret['label'],
                                                         @settings['secret_dir'],
-                                                        args)
+                                                        args,
+                                                        secret['name'] || "#{secret['id']}_password")
 
-          debug { "Downloaded secret: #{key} to #{path}..." }
+          debug { "Downloaded secret: #{key} to #{secret['path']}..." }
         end
 
         downloaded_secrets
       end
 
-      def download_one_secret(scrt_id, label, path, args)
+      def download_one_secret(scrt_id, label, path, args, name = nil)
+        if label == 'Password'
+          path = zanzibar(args).get_password_and_save(scrt_id, path, name)
+          { path: path, hash: Digest::MD5.file(path).hexdigest }
+        else
           path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
                                                    type: label,
                                                    path: path)
-
           { path: path, hash: Digest::MD5.file(path).hexdigest }
         end
+      end
 
       def update_resolved_file(new_secrets)
         @local_secrets.merge! new_secrets

lib/zanzibar/cli.rb

@@ -53,6 +53,7 @@ module Zanzibar
     end
 
     desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", :hide => true
+    option 'verbose', type: :boolean, default: false, aliases: :v
     alias_method :plunder, :bundle
 
     desc 'install', "Alias to `#{APPLICATION_NAME} bundle`"