Created
January 6, 2025 21:35
-
-
Save BolajiOlajide/d2fa0b9379623593b71c68ede141671c to your computer and use it in GitHub Desktop.
unmask .env file with 1password secret references into it's plain text equivalent. (entries must be in the format `KEY="op://..."` )
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Input and output file paths | |
| INPUT_FILE="api.env" # Replace with your file name | |
| OUTPUT_FILE="api-output.env" # The file to write resolved secrets | |
| # Clear or create the output file | |
| : > "$OUTPUT_FILE" | |
| # Process each line in the input file | |
| while IFS= read -r line; do | |
| # Check if the line contains a secret reference | |
| if [[ "$line" =~ ^([A-Za-z_]+)=\"(op://.+)\"$ ]]; then | |
| echo "Found secret reference: $line" | |
| KEY="${BASH_REMATCH[1]}" | |
| SECRET_REF="${BASH_REMATCH[2]}" | |
| # Resolve the secret reference using op | |
| SECRET_VALUE=$(op read "$SECRET_REF" 2>/dev/null) | |
| if [[ $? -ne 0 ]]; then | |
| echo "Error: Failed to resolve $SECRET_REF" >&2 | |
| exit 1 | |
| fi | |
| # Write the key and resolved secret to the output file | |
| echo "${KEY}=${SECRET_VALUE}" >> "$OUTPUT_FILE" | |
| else | |
| # If no secret reference, copy the line as-is | |
| echo "$line" >> "$OUTPUT_FILE" | |
| fi | |
| done < "$INPUT_FILE" | |
| echo "Secrets resolved and written to $OUTPUT_FILE" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment