Generic Bash Script using KSM CLI

#!/usr/bin/env bash

# This will be executed as the following
# history -c && echo "BASE64STRING==" | /path/to/script.sh

# Without this the script might report a success
# if something fails in the script.
set -o pipefail -e

IFS= read -r params
json=$(echo "$params" | base64 -d)

# There is no built int JSON parser.
# In order to parse JSON, a tool like jq or fx is required.
$( echo "$json" | jq -r 'keys[] as $k | "export \($k)=\(.[$k])"' )

echo "providerRecordUid=$providerRecordUid"
echo "resourceRecordUid=$resourceRecordUid"
echo "userRecordUid=$userRecordUid"
echo "newPassword=$newPassword"
echo "oldPassword=$oldPassword"
echo "user=$user"

# Record data is another Base64 JSON. And values can be obtained by using 'jq'
recordJson=$(echo "$records" | base64 -d)
title=$(echo "$recordJson" | jq -r ".[] | select(.uid==\"$providerRecordUid\").title")
echo "Provider Title=$title"

# Parse data from record JSON with jq
UserRecordLogin=$(ksm secret get --json --uid=$userRecordUid | jq -r '.fields[] | select(.type == "login" or .label == "login").value[0]')
echo "UserRecordLogin=$UserRecordLogin"

# Requires ksm CLI binary installed and initialized with device config
# that provides access to the vault records

# Get data using notation
UserRecordTitle=$( ksm secret notation $userRecordUid/title )
UserRecordLogin=$( ksm secret notation $userRecordUid/field/login )
echo "UserRecordTitle=$UserRecordTitle"
echo "UserRecordLogin=$UserRecordLogin"