Poor man's secrets manager with pass.
I recently restarted using pass, the standard Unix password manager, to store my passwords.
At work, we use Doppler to manage our secrets. It injects environment variables before running commands. I thought, why can’t I do the same with a simple script?
The following script evaluates all password files with env in their names. I keep my environment variables in files named env-aws, etc., in the following format:
export AWS_ACCESS_KEY_ID="123456...."
The following script, which I called rws (short for run-with-secrets), allows me to run a command like rws s3cmd and use pass to inject the variables. So far, I’m happy with it.
#!/bin/zsh
cmd="$@"
fd -F env $HOME/.password-store | while read file ; do
bb="${file:t:r}"
eval $(pass show ${bb})
done
exec $cmd