I didnt want DigitalOcean's doctl to store my accesstoken in its config.yaml file, since i have all secrets regarding technical infrastructure in a seperate KeepassXC database. So even though my harddrive is encrypted, i didnt want an accesstoken gaining full access to my DigitalOcean account laying around in some .yaml file.
doctl has a -t option to pass in the accesstoken as a parameter. So as a first step, i had to get the accesstoken from my unlocked KeepassXC database.
- Unlock your KeepassXC database
- (optional) Create a new group for secrets you want to expose to secret-tool and add the secrets to this group