From 6816f125eb0f8ef478b90a59d239bfd73e43f0d9 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen <menno@vleeuwen.me>
Date: Tue, 11 Mar 2025 15:43:36 +0100
Subject: [PATCH] feat: add support for OP_SERVICE_ACCOUNT_TOKEN and enforce
 file permissions for ~/.op_sat

---
 .bashrc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.bashrc b/.bashrc
index e1bcacb..327b16e 100644
--- a/.bashrc
+++ b/.bashrc
@@ -104,6 +104,20 @@ else
     eval "$(starship init bash)"
 fi
 
+# Read .op_sat
+if [ -f ~/.op_sat ]; then
+    export OP_SERVICE_ACCOUNT_TOKEN=$(cat ~/.op_sat)
+
+    # Ensure .op_sat is 0600 and only readable by the owner
+    if [ "$(stat -c %a ~/.op_sat)" != "600" ]; then
+        echo "WARNING: ~/.op_sat is not 0600, please fix this!"
+    fi
+
+    if [ "$(stat -c %U ~/.op_sat)" != "$(whoami)" ]; then
+        echo "WARNING: ~/.op_sat is not owned by the current user, please fix this!"
+    fi
+fi
+
 # Source nix home-manager
 if [ -f "$HOME/.nix-profile/etc/profile.d/hm-session-vars.sh" ]; then
     . "$HOME/.nix-profile/etc/profile.d/hm-session-vars.sh"