Long time no TIL but this is a good one. Today I learned that my beloved password manager 1Password offers a CLI that is able to inject secrets into environment variables.
The benefits are obvious. You don't need to worry about committing your .env or config files to your project repository. Furthermore, no unencrypted secrets are stored in your files.
Howto
To get going you need 1Password set up and the 1Password CLI installed (brew install 1password-cli).
Within your project you are now able to inject secrets like so:
First, add a .env file to your project directory.

    VAR1="abc"
To inject the secrets at runtime, run op run --env-file and append the command that should use the environment variables. The following example just prints the SECRET variable.

    $ op run --env-file="my-config.env" -- printenv SECRET
The first time you try to run op, you might need to log in to your 1Password account.

    $ eval $(op signin)
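The "safe to commit" benefit described above only holds if every value in the env file is a secret reference rather than a literal. The following POSIX shell check is an added example, not code from the original post or from 1Password; the helper name check_env_refs and the sample file are constructed, and the op://vault/item/field reference form is taken from the 1Password CLI documentation, not from this page.

```shell
#!/bin/sh
# Added example: lint an env file before committing it for use with
# `op run --env-file`. Assumption: secrets are written as 1Password secret
# references (op://vault/item/field); any other value is a literal.

# check_env_refs FILE (hypothetical helper name)
# Prints "line:NAME" for each value that is not an op:// reference.
# Returns 0 when every value is a reference, 1 otherwise.
check_env_refs() {
    _bad=0
    _n=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        case $_line in
            ''|'#'*) continue ;;                 # blank line or comment
            *=*) ;;                              # NAME=value, checked below
            *) echo "$_n:(malformed)"; _bad=1; continue ;;
        esac
        _name=${_line%%=*}
        _value=${_line#*=}
        case $_value in                          # strip one pair of quotes
            \"*\") _value=${_value#\"}; _value=${_value%\"} ;;
            \'*\') _value=${_value#\'}; _value=${_value%\'} ;;
        esac
        case $_value in
            op://?*/?*/?*) ;;                    # vault, item, field present
            *) echo "$_n:$_name"; _bad=1 ;;
        esac
    done < "$1"
    return "$_bad"
}

# Constructed sample input, not taken from the original post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample env file
SECRET="op://dev-vault/my-app/password"
VAR1="abc"
API_TOKEN=op://dev-vault/my-app/api/token
EOF

if findings=$(check_env_refs "$sample"); then
    echo "ok: every value is a secret reference"
else
    echo "literal values found (line:NAME):"
    echo "$findings"
fi
rm -f "$sample"
```

Called from a pre-commit hook, the non-zero return status stops a commit that contains a literal value.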
Note
Additional information is available in the 1Password docs. It is also possible to inject secrets into YAML files and so on.