Long time no TIL but this is a good one. Today I learned that my beloved password manager 1Password offers a CLI that is able to inject secrets into environment variables.
The benefits are obvious. You don't need to worry about committing your .env or config files to your project repository. Furthermore there are no unencrypted secrets stored in your files.
To get going you need 1Password set up and the 1Password-CLI (
brew install 1password-cli) installed.
Within your project you are now able to inject secrets like so:
First add a .env-File to your project dir.
To inject the secrets at runtime just hit:
op run --env-file and append your bin-command to use the environment vars. This following example just prints out the
$ op run --env-file="my-config.env" -- printenv SECRET
The first time you try to run
op you might need to login to your 1Password account.
$ eval $(op signin)
Additional information is available at the 1Password docs. It is also possible to inject secrets into yaml files and so on.