Use "op run" to load secrets into .env file
Hey,
I'm trying to use your "Load secrets into the environment" method when I'm running my web application locally on my computer.
I looked into your documentation but unfortunately, I didn't find the solution.
I'm using PyCharm with EnvFile extension to store .env file in my project with environment variables (the value is a secret reference from 1Password).
I'm running this command:op run --no-masking --env-file="local.env" -- printenv AWS_COGNITO_LOGIN_URL password
Based on the example provided in the op run -h
It asks me to identify with the finger (touch id) and prints the value, but my expectation is to load the value into the .env file specified in the command path.
When I'm running the web application, it doesn't load the value and it gives me the value as the secret reference, ie, "op://Shared/AWS_COGNITO_LOGIN_URL/credential".
I found this issue in your community that marks this as a bug, but I'm not sure this is the same use case.
https://1password.community/discussion/141291/op-run-doesnt-seem-to-be-overriding-shell-value-with-env-value-per-docs
My target is to hold all the secrets env var in 1Password and replace all the values in the .env file with secret references from 1Password.
1Password Version: Mac 8.10.9
Extension Version: CLI Version: 2.18.0
OS Version: macOS Ventura 13.4.1
Browser: PyCharm: 2023.1.2 (Community Edition)
Comments
-
but my expectation is to load the value into the .env file specified in the command path.
That expectation might be wrong;
op rundoes not modify (write).envfiles, but does replace the secret references (read from an.envfile) by values in your vault (in memory) and supplies those (only!) to the command you execute withop run.Did you try starting your web application with
op run?(Replace
printenv AWS_COGNITO_LOGIN_URL passwordby the command that starts your web App)0
