Forum Discussion

Super Contributor

4 years ago

How to inject a secret into the environment via a systemd service definition?

I want to inject a secret (password) into the environment for a systemd service, using either Environment= or EnvironmentFile= . What I tried (and what failed): 1. Environment Environm...

cli

Anonymous

4 years ago

Hey XIII, thanks for reaching out to us!

I think another solution here might be to pass the secret references as environment variables, and to use op run to prefix your ExecStart Command. I played a bit with this with the manual authentication process, hardcoding my session token, and managed to get something like this working:
[Service] User=horia Environment="OP_CONFIG_DIR=/home/horia/.config/op" Environment="VAR=op://test-vault/docker/username" Environment="OP_SESSION_<my_id>=<my_session_token>" ExecStart=/usr/bin/op run --no-masking -- bash -c 'echo $VAR'
I assume this can be ported over to the biometric authentication process as well, but, in case you encounter any hurdles, let us know such that we can take another look, in more detail!

Best,
Horia

Forum Discussion

How to inject a secret into the environment via a systemd service definition?

Featured discussions

PSA: Extension going blank or unresponsive in Chrome? Here's what we know

Recent discussions

SSH agent not working from `.ssh/config` in macOS

1password cli as auth source for autofs

VS Code remote ssh triggering wrong ssh key

1Password classing input element as a username field

Bun cannot read 1Password-mounted .env files directly