Tooling to expose 1Password entries as environment variables for specific commands
The https://github.com/bevry/dorothy provides a secret command, which interfaces with the 1Password CLI, to do such things as secret get and sercret env -- command to grab your secrets only when they are needed, and expose them only to the command that needs it. This is much more secure than exposing your secrets to your environment, which is commonly sent to a server when malicious software runs.
I use it all the time, relevant links:
- https://github.com/bevry/dorothy#secrets
- https://github.com/bevry/dorothy/blob/master/commands/secret
My .dorothy/user/secrets/secrets.json file looks like so:
json
{
"DISCOURSE_BEVRY_SERVER": ["personal", "bevry discourse", "server"],
"DISCOURSE_BEVRY_ROOT": ["personal", "bevry discourse", "root"],
"DISCOURSE_BEVRY_SSH": ["personal", "ssh keys", "bevry discourse"],
"SCALEWAY_SSH": ["personal", "ssh keys", "scaleway"]
}
Which I use like so:
bash
secret get DISCOURSE_BEVRY_ROOT DISCOURSE_BEVRY_SSH SCALEWAY_SSH
secret env DISCOURSE_BEVRY_SERVER -- ssh 'root@$DISCOURSE_BEVRY_SERVER'
You can create your own configuration file by writing .dorothy/user/secrets/secrets.json directly, or by using:
``` bash
secret map
e.g. for my configuration file earlier, I would configure the database like so
secret map DISCOURSE_BEVRY_SERVER personal 'bevry discourse' server
secret map DISCOURSE_BEVRY_ROOT personal 'bevry discourse' root
secret map DISCOURSE_BEVRY_SSH personal 'ssh keys' 'bevry discourse'
secret map SCALEWAY_SSH personal 'ssh keys' scaleway
```
You may be able to trial it standalone (without setting up Dorothy) by running:
bash --rcfile <(curl -fsSL https://dorothy.bevry.workers.dev)
secret ...
Let me know your thoughts and suggestions.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
