Tooling to expose 1Password entries as environment variables for specific commands
The Dorothy dotfile ecosystem provides a `secret` command, which interfaces with the 1Password CLI, to do such things as `secret get` and `secret env -- command` to grab your secrets only when they are needed, and expose them only to the command that needs them. This is much more secure than exposing your secrets to your environment, which is commonly sent to a server when malicious software runs.
I use it all the time. Relevant links:
- https://github.com/bevry/dorothy#secrets
- https://github.com/bevry/dorothy/blob/master/commands/secret
My `.dorothy/user/secrets/secrets.json` file looks like so:

```json
{
  "DISCOURSE_BEVRY_SERVER": ["personal", "bevry discourse", "server"],
  "DISCOURSE_BEVRY_ROOT": ["personal", "bevry discourse", "root"],
  "DISCOURSE_BEVRY_SSH": ["personal", "ssh keys", "bevry discourse"],
  "SCALEWAY_SSH": ["personal", "ssh keys", "scaleway"]
}
```
Which I use like so:

```bash
secret get DISCOURSE_BEVRY_ROOT DISCOURSE_BEVRY_SSH SCALEWAY_SSH
secret env DISCOURSE_BEVRY_SERVER -- ssh 'root@$DISCOURSE_BEVRY_SERVER'
```
You can create your own configuration file by writing `.dorothy/user/secrets/secrets.json` directly, or by using:

```bash
secret map <environment variable name> <vault name> <item name> <field name>
# e.g. for my configuration file earlier, I would configure the database like so
secret map DISCOURSE_BEVRY_SERVER personal 'bevry discourse' server
secret map DISCOURSE_BEVRY_ROOT personal 'bevry discourse' root
secret map DISCOURSE_BEVRY_SSH personal 'ssh keys' 'bevry discourse'
secret map SCALEWAY_SSH personal 'ssh keys' scaleway
```
You may be able to trial it standalone (without setting up Dorothy) by running:

```bash
bash --rcfile <(curl -fsSL https://dorothy.bevry.workers.dev) secret ...
```
Let me know your thoughts and suggestions.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
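The core idea of the post, a secret resolved on demand and placed only in the environment of the one command that needs it, is illustrated by the following added shell example. It is not Dorothy's `secret` command and not the 1Password CLI; `lookup_secret` is a constructed stand-in for the vault lookup (where the real tool would call `op`), and `run_with_secret` and `secret_leaked` are hypothetical helper names. The point it demonstrates is that the child process sees the variable while the calling shell never does, which is exactly what limits exposure to malware that dumps the parent environment.

```bash
#!/usr/bin/env bash
# Added example, not Dorothy's code. Mirrors what `secret env NAME -- cmd` achieves:
# resolve the secret, hand it to cmd's environment only, never export it to the shell.
set -eu

# Constructed stand-in for a vault lookup (the real tool would query 1Password here).
# Prints the secret value for a known name, fails for anything else.
lookup_secret() {
    case "$1" in
        DEMO_TOKEN) printf '%s' 'constructed-demo-token' ;;
        *) return 1 ;;
    esac
}

# run_with_secret NAME -- cmd [args...]
# Resolves NAME and runs cmd with NAME present only in cmd's environment.
# The value is passed to env(1) as an argument, so nothing is exported here.
run_with_secret() {
    local name="$1"
    shift
    [ "${1:-}" = "--" ] || { echo "usage: run_with_secret NAME -- cmd [args...]" >&2; return 2; }
    shift
    local value
    value="$(lookup_secret "$name")" || { echo "unknown secret: $name" >&2; return 1; }
    env "$name=$value" "$@"
}

# secret_leaked NAME
# Returns 0 if NAME is visible in the calling shell's exported environment
# (i.e. it would be captured by anything that dumps `env`), 1 otherwise.
secret_leaked() {
    env | grep -q "^$1="
}

# Standalone demonstration: the child can read the token, the parent cannot.
if [ "${BASH_SOURCE[0]:-$0}" = "$0" ]; then
    run_with_secret DEMO_TOKEN -- sh -c 'echo "child sees: $DEMO_TOKEN"'
    if secret_leaked DEMO_TOKEN; then
        echo "parent leaked DEMO_TOKEN"
    else
        echo "parent environment does not contain DEMO_TOKEN"
    fi
fi
```

Two caveats worth knowing when using this pattern with any tool: the `NAME=value` argument to `env` is visible in that process's argument list for the brief window before it execs the target, and on Linux the child's environment remains readable by the same user via `/proc/<pid>/environ` for as long as the child runs. The pattern shrinks the exposure to one process for its lifetime; it does not hide the secret from an attacker already running as your user.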
Comments
Hey @balupton, this looks like a really neat way to limit access and exposure to your secrets!
Thanks for sharing! I hope that people from the community find this interesting and helpful.