# netosecret.sh - bash script CLI

{% stepper %}
{% step %}

### CLI usage

display command line options to interact with shell script

```bash
#!/bin/bash

# Ensure the script does not print or store sensitive data
export HISTIGNORE='*echo*:*base64*'

# Default values
url="https://api.netography.com/api/v1"
output_file="netosecret.env"
envname="NETOSECRET"

# Help function
print_usage() {
    echo "Usage: $0 [shortname] [appname] [OPTIONS]
Options:
  [shortname]                 Set the shortname
  [appname]                   Set the appname
  --env                       Read all variables from environment
  --envfile <filename>        Read environment variables from the file
  --url <value>               Set a custom API URL
  --appkey <value>            Set the appkey (prompt if not provided)
  --sharedsecret <value>      Set the sharedsecret (prompt if not provided)
  --save <path>               Save to env file (default netosecret.env)
  --envname <name>            Variable name to write to in envfile (default NETOSECRET)
  --print                     Print the encoded netosecret
  --decode                    Decode NETOSECRET and print the JSON (contains secrets)
  -h, --help                  Display this help message

netosecret is a tool to generate a single base64 encoded string containing all 
5 components needed to authenticate to the Netography API (url, shortname, 
appname, sharedsecret, appkey).  The 5 components are stored as key/values in 
a JSON object for encoding/decoding.  

If used with the --env or --envfile option, the script will read from environment
in this order:
  URL: NETO__API__URL, NETO_URL, NETO__URL
  APPNAME: NETO__API__APP_NAME, NETO_APP_NAME, NETO_APPNAME
  SHORTNAME: NETO__API__SHORTNAME, NETO_SHORTNAME, NETO__SHORTNAME
  SHAREDSECRET: NETO__API__CREDENTIALS__SHARED_SECRET, NETO_SHAREDSECRET, NETO__SHAREDSECRET, NETO_SHARED_SECRET
  APPKEY: NETO__API__CREDENTIALS__APP_KEY, NETO__APPKEY, NETO__APP_KEY, NETO_APPKEY
```

{% endstep %}

{% step %}

### netosecret JSON object format

Display netosecret decoded JSON format

{% code lineNumbers="true" %}

```bash
netosecret JSON object format:
{
  \"url\": \"<url>\", \"shortname\": \"<shortname>\", \"appname\": \"<appname>\",
  \"sharedsecret\": \"<sharedsecret>\", \"appkey\": \"<appkey>\"
}"

}
```

{% endcode %}
{% endstep %}

{% step %}

### read from environment variables

reads values from environment based on command line options

```bash
# Function to get value from environment variables with fallbacks
get_env_value() {
    local is_secret="$1"
    shift
    local keys=("$@")
    for key in "${keys[@]}"; do
        local value=$(printenv "$key")
        if [ -n "$value" ]; then
            echo "$value"
            if [ "$is_secret" = true ]; then
                value="******"
            fi
            echo "Read from env $key=$value" >&2
            return
        fi
    done
}
```

{% endstep %}

{% step %}

### decode netosecret

decodes netosecret from base64 string nto JSON string

<pre class="language-bash"><code class="lang-bash"># Parse positional arguments
if [[ "$#" -gt 0 &#x26;&#x26; "$1" != "-"* ]]; then
    shortname="$1"
    shift
fi

if [[ "$#" -gt 0 &#x26;&#x26; "$1" != "-"* ]]; then
    appname="$1"
    shift
fi

# Parse command-line options
while [[ "$#" -gt 0 ]]; do
    case $1 in
        --url) url="$2"; shift ;;
        --appkey) appkey="$2"; shift ;;
        --sharedsecret) sharedsecret="$2"; shift ;;
        --save) output_file="$2"; shift ;;
        --env) use_env=true ;;
        --envfile) envfile="$2"; shift ;;
        --envname) envname="$2"; shift ;;
        --print) print_output=true ;;
        --decode) decode_secret=true; shift ;;
        -h|--help) print_usage; exit 0 ;;
        *) echo "Unknown parameter passed: $1"; print_usage; exit 1 ;;
    esac
    shift
done

# If envfile is specified, read values from the file first
if [ -n "$envfile" ]; then
    export $(grep -v '^#' "$envfile" | xargs)
fi


<strong># Handle the decode option
</strong><strong>if [ "$decode_secret" = true ]; then
</strong><strong>        netosecret_to_decode=$(printenv "$envname")
</strong><strong>        if [ -z "$netosecret_to_decode" ]; then
</strong><strong>            read -s -p "Enter netosecret: " netosecret_to_decode      
</strong><strong>            if [ -z "$netosecret_to_decode" ]; then
</strong><strong>                echo "Error: No encoded string provided and $envname is not set in the environment."
</strong><strong>                exit 1
</strong><strong>            fi
</strong><strong>        fi
</strong><strong>    echo $netosecret_to_decode | base64 --decode
</strong><strong>    exit 0
</strong><strong>fi
</strong></code></pre>

{% endstep %}

{% step %}

### encode netosecret

Encodes JSON object with base64

<pre class="language-bash"><code class="lang-bash"># If --env is specified or envfile is read, read values from environment variables
if [ "$use_env" = true ] || [ -n "$envfile" ]; then
    url=$(get_env_value false "NETO__API__URL" "NETO_URL" "NETO__URL")
    appname=$(get_env_value false "NETO__API__APP_NAME" "NETO_APP_NAME" "NETO_APPNAME")
    shortname=$(get_env_value false "NETO__API__SHORTNAME" "NETO_SHORTNAME" "NETO__SHORTNAME")
    sharedsecret=$(get_env_value true "NETO__API__CREDENTIALS__SHARED_SECRET" "NETO_SHAREDSECRET" "NETO__SHAREDSECRET" "NETO_SHARED_SECRET")
    appkey=$(get_env_value true "NETO__API__CREDENTIALS__APP_KEY" "NETO__APPKEY" "NETO__APP_KEY" "NETO_APPKEY")
fi

# Prompt for required values if not set
[ -z "$shortname" ] &#x26;&#x26; read -p "Enter shortname: " shortname
[ -z "$appname" ] &#x26;&#x26; read -p "Enter appname: " appname
if [ -z "$appkey" ]; then
  read -s -p "Enter appkey: " appkey
  echo
fi
if [ -z "$sharedsecret" ]; then
  read -s -p "Enter sharedsecret: " sharedsecret
  echo
fi

# Ensure all required fields are set
if [ -z "$shortname" ] || [ -z "$appname" ] || [ -z "$appkey" ] || [ -z "$sharedsecret" ]; then
    echo "Error: All fields (shortname, appname, url, appkey, sharedsecret) must be provided."
    exit 1
fi

<strong># Create the JSON object with the URL
</strong><strong>json=$(cat &#x3C;&#x3C;EOF
</strong><strong>{
</strong><strong>  "url": "$url",
</strong><strong>  "shortname": "$shortname",
</strong><strong>  "appname": "$appname",
</strong><strong>  "sharedsecret": "$sharedsecret",
</strong><strong>  "appkey": "$appkey"
</strong><strong>}
</strong><strong>EOF
</strong><strong>)
</strong><strong>
</strong><strong># Encode the JSON object to Base64
</strong><strong>encoded=$(echo -n "$json" | base64)
</strong>
# Output based on provided options
if [ "$print_output" ]; then
    echo "$encoded"
else
    echo "$envname=$encoded" > "$output_file"
    echo "netosecret saved to $output_file"
fi

# Clear sensitive data from environment variables
unset json
unset encoded
unset appkey
unset sharedsecret

</code></pre>

{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fusion.vectra.ai/api-recipes/recipes/netosecret.sh-bash-script-cli.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.