Last active
March 18, 2021 20:20
-
-
Save clhynfield/7e5bf331dcb454370bb0838891d7159a to your computer and use it in GitHub Desktop.
Setting and forgetting secrets in the environment with direnv and LastPass CLI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| read_secret() { | |
| local path="$1" | |
| note="$(lpass show --notes $path 2>/dev/null)" | |
| if [[ $? -ne 0 ]]; then | |
| echo "Can't read LastPass note" >&2 | |
| return 1 | |
| fi | |
| echo "$note" | |
| } | |
| write_secret() { | |
| local path="$1" | |
| local contents="$2" | |
| if ! echo "$contents" | lpass add --non-interactive --notes "$path"; then | |
| echo "Can't write LastPass note" >&2 | |
| return 1 | |
| fi | |
| } | |
| set_and_forget() { | |
| local variable="$1" | |
| if [[ -z "${!variable}" ]]; then | |
| value="$(read_secret $PROJECT/$variable)" | |
| if [[ -n "$value" ]]; then | |
| eval "$(echo $variable=\"$value\")" | |
| else | |
| read -s -p "$variable:" "$variable" | |
| write_secret "$PROJECT/$variable" "${!variable}" | |
| fi | |
| export "$variable" | |
| fi | |
| } | |
| set_and_forget SUPER_SECRET_VARIABLE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment