Poor man's secrets manager with pass

I (re)started to use pass, the standard Unix password manager, to store my passwords.

At work, we use Doppler to manage our secrets. It basically injects environment variables before running commands. I thought, why can’t I do the same with a simple script?

The script below evaluates all password files that have env in their name. I keep my environment variables in files named env-aws etc. in the following way:

export AWS_ACCESS_KEY_ID="123456...."

The following script, which I called rws (for run-with-secrets), uses pass to inject the variables into a command, invoked like rws s3cmd. So far I’m happy with it.

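#!/bin/zsh

# Load every pass entry whose file name contains "env", then run the command.
# zsh runs the last stage of a pipeline in the current shell, so the exports
# made inside the loop are still set when exec runs.
fd -F env $HOME/.password-store | while read -r file ; do
  # Entry name = file name without .gpg (assumes top-level entries).
  bb="${file:t:r}"
  # Quoted so the decrypted lines reach eval with their whitespace intact.
  eval "$(pass show "${bb}")"
done

# "$@" keeps each argument a separate word, so "rws s3cmd ls" works too.
exec "$@"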
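
The rws script above hands the decrypted entry to eval, so anything stored in an env file runs as shell code. The variant below parses the entries instead, treating the text as data and exporting only well-formed NAME=value lines. It is an added example in POSIX sh, not the author's script: load_env and the glob-based lookup are assumptions, and it expects top-level entries made only of lines like export NAME="value".

```shell
#!/bin/sh
# Added example; load_env and this rws function are hypothetical names.
# Assumes each entry holds only lines like: export NAME="value"

load_env() {
  # $1 = decrypted entry text. Exports valid lines; returns 1 if any is rejected.
  rc=0 n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in ''|'#'*) continue ;; esac      # skip blanks and comments
    line=${line#export }
    name=${line%%=*}
    case "$line" in *=*) ;; *) name='' ;; esac     # no '=': not an assignment
    case "$name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        # Report the line number only, never the (secret) content.
        echo "load_env: line $n rejected" >&2; rc=1; continue ;;
    esac
    value=${line#*=}
    case "$value" in                               # drop one pair of quotes
      \"*\") value=${value#\"}; value=${value%\"} ;;
      \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    export "$name=$value"                          # stored literally, never executed
  done <<EOF
$1
EOF
  return $rc
}

rws() {
  # Same flow as the original: load each env* entry, then run the command.
  # A plain glob replaces fd, so only top-level entries are found.
  store=${PASSWORD_STORE_DIR:-$HOME/.password-store}
  for f in "$store"/*env*.gpg; do
    [ -e "$f" ] || continue
    entry=${f#"$store"/}; entry=${entry%.gpg}
    text=$(pass show "$entry") || return 1         # stop if decryption fails
    load_env "$text" || return 1                   # stop on a malformed entry
  done
  exec "$@"
}

if [ "$#" -gt 0 ]; then rws "$@"; fi
```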
