1password-export/1export.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import argparse
import csv
import json
import os
import subprocess as sp
import tempfile
from collections import namedtuple

OP_BIN = 'op'
GPG_BIN = 'gpg'
TAR_BIN = 'tar'

Record = namedtuple('Record', [
    'title',
    'username',
    'password',
    'url',
])

Vault = namedtuple('Vault', ['title', 'records'])

DUMMY_RECORD_SET = [
    Record(
        title='title' + str(i),
        username='username' + str(i),
        password='password' + str(i),
        url='url' + str(i),
    )
    for i in range(10)
]


def main():
    args = parse_args()
    output_file_name = os.path.abspath(args.file_name)
    vaults = [process_vault(v) for v in retrieve_vaults()]
    # vaults = [
    #     Vault(title='t1', records=DUMMY_RECORD_SET),
    #     Vault(title='t2', records=DUMMY_RECORD_SET),
    #     Vault(title='t3', records=DUMMY_RECORD_SET),
    #     Vault(title='t4', records=DUMMY_RECORD_SET),
    # ]
    with tempfile.TemporaryDirectory(suffix='-one-password-export') as dir_path:
        print('Store temp files in {}'.format(dir_path))
        for vault in vaults:
            save_vault(dir_path, vault)
        if args.password:
            export_encrypted(dir_path, output_file_name, args.password)
        else:
            export_plain(dir_path, output_file_name)
    print('Done')


def parse_args():
    parser = argparse.ArgumentParser(description='Export 1password logins')
    parser.add_argument('file_name', type=str,
                        help='output file name')
    parser.add_argument('--password', dest='password',
                        help='encrypt data')
    return parser.parse_args()


def process_vault(vault):
    vault_uuid = vault['uuid']
    vault_name = vault['name']
    str_v = lambda v, m: '\rVault "{}": {:20}'.format(v, m)
    str_vr = lambda v, i, t: str_v(v, '{}/{}'.format(i, t))
    print(str_v(vault_name, 'fetch items'), end='')
    items = retrieve_items(vault_uuid)
    records = []
    print(str_vr(vault_name, 0, len(items)), end='')
    for index, item in enumerate(items):
        item_data = retrieve_item(item['uuid'])
        extracted = extract_item_fields(item_data)
        records.append(extracted)
        print(str_vr(vault_name, index + 1, len(items)), end='')
    print('')
    return Vault(title=vault_name, records=records)


def save_vault(base_dir, vault):
    file_name = os.path.join(base_dir, vault.title.lower())
    with open(file_name, 'w') as csv_file:
        record_writer = csv.writer(csv_file)
        for record in vault.records:
            record_writer.writerow([
                record.title,
                record.username,
                record.password,
                record.url
            ])


def export_plain(dir_path, file_name):
    sp.run([TAR_BIN, '-cf', file_name + '.tar', '-C', dir_path, '.'])


def export_encrypted(dir_path, file_name, password):
    gpg_name = file_name + '.tar.gpg'
    with tempfile.TemporaryDirectory(suffix='-one-password-export') as tar_dir_path:
        tar_name = os.path.join(tar_dir_path, os.path.basename(file_name) + '.tar')
        print('Store temp tar in ' + tar_name)
        sp.run([TAR_BIN, '-cf', tar_name, '-C', dir_path, '.'])
        sp.run([GPG_BIN, '--symmetric', '--batch', '--yes', '--passphrase', password,
                '--output', gpg_name, tar_name])


def retrieve_vaults():
    print('Fetch vault list')
    data = catch_op_json([OP_BIN, 'list', 'vaults'])
    return data


def retrieve_items(vault_uuid):
    data = catch_op_json([OP_BIN, 'list', 'items', '--vault=' + vault_uuid])
    return data


def retrieve_item(item_uuid):
    data = catch_op_json([OP_BIN, 'get', 'item', item_uuid])
    return data


def extract_item_fields(item_data):
    details = item_data.get('details', {})
    fields = details.get('fields', [])
    overview = item_data.get('overview', {})
    username = value_from_fields(fields, 'username')
    password = value_from_fields(fields, 'password') or details.get('password', '')
    return Record(
        title=overview.get('title', ''),
        username=username,
        password=password,
        url=overview.get('url', ''),
    )


def value_from_fields(item_fields, key):
    for f in item_fields:
        if f.get('designation', '') == key:
            return f.get('value', '')
    return ''


def catch_op_json(args):
    output = sp.run(args, check=True, stdout=sp.PIPE).stdout
    return json.loads(output.decode('utf-8'))


if __name__ == '__main__':
    main()