dervoeti

KeepassXC secret as cli parameter

I didnt want DigitalOcean's doctl to store my accesstoken in its config.yaml file, since i have all secrets regarding technical infrastructure in a seperate KeepassXC database. So even though my harddrive is encrypted, i didnt want an accesstoken gaining full access to my DigitalOcean account laying around in some .yaml file.

doctl has a -t option to pass in the accesstoken as a parameter. So as a first step, i had to get the accesstoken from my unlocked KeepassXC database.

Reading secrets with secret-tool

• Unlock your KeepassXC database
• (optional) Create a new group for secrets you want to expose to secret-tool and add the secrets to this group

dervoeti

xfconf-query -c xfce4-panel -t bool -s false -n -p $(xfconf-query -l -c xfce4-panel -v | grep -P "^/plugins/plugin-\d+\s+tasklist$" | awk '{print $1"/label-decorations"}')