Posted on :: Tags: , , , ,

I recently restarted using pass, the standard Unix password manager, to store my passwords.

At work, we use Doppler to manage our secrets. It injects environment variables before running commands. I thought, why can’t I do the same with a simple script?

The following script evaluates all password files with env in their names. I keep my environment variables in files named env-aws, etc., in the following format:

export AWS_ACCESS_KEY_ID="123456...."

The following script, which I called rws (short for run-with-secrets), allows me to run a command like rws s3cmd and use pass to inject the variables. So far, I’m happy with it.

#!/bin/zsh

cmd="$@"

fd -F env $HOME/.password-store | while read file ; do
  bb="${file:t:r}"
  eval $(pass show ${bb})
done

exec $cmd