• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

sorah/envchain: Environment variables meet macOS Keychain and gnome-keyring < ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

sorah/envchain

开源软件地址(OpenSource Url):

https://github.com/sorah/envchain

开源编程语言(OpenSource Language):

C 97.6%

开源软件介绍(OpenSource Introduction):

envchain - set environment variables with macOS keychain or D-Bus secret service

What?

Secrets for common computing environments, such as AWS_SECRET_ACCESS_KEY, are set with environment variables.

A common practice is to set them in shell's intialization files such as .bashrc and .zshrc.

Putting these secrets on disk in this way is a grave risk.

envchain allows you to secure credential environment variables to your secure vault, and set to environment variables only when you called explicitly.

Currently, envchain supports macOS keychain and D-Bus secret service (gnome-keyring) as a vault.

Don't give any credentials implicitly!

Requirement (macOS)

  • macOS
    • Confirmed to work on OS X 10.11 (El Capitan), macOS 10.12 (Sierra).
    • OS X 10.7 (Lion) or later is required, but not confirmed

Requirement (Linux)

  • readline
  • libsecret
  • D-Bus Secret Service
    • GNOME keyring
    • KeePassXC

Installation

From Source

$ make

$ sudo make install
(or)
$ cp ./envchain ~/bin/

Homebrew (OS X)

brew install envchain

Usage

Saving variables

Environment variables are set within a specified namespace. You can set variables in a single command:

envchain --set NAMESPACE ENV [ENV ..]

You will be prompted to enter the values for each variable. For example, we can set two variables... AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY here, within a namespace called aws:

$ envchain --set aws AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
aws.AWS_ACCESS_KEY_ID: my-access-key
aws.AWS_SECRET_ACCESS_KEY: secret

Here we define a single new variable within a different namespace:

$ envchain --set hubot HUBOT_HIPCHAT_PASSWORD
hubot.HUBOT_HIPCHAT_PASSWORD: xxxx

These will all appear as application passwords with envchain-NAMESPACE in the data store (Keychain in macOS, gnome-keyring in common Linux distros).

Execute commands with defined variables

$ env | grep AWS_ || echo "No AWS_ env vars"
No AWS_ env vars
$ envchain aws env | grep AWS_
AWS_ACCESS_KEY_ID=my-access-key
AWS_SECRET_ACCESS_KEY=secret
$ envchain aws s3cmd blah blah blah
⋮
$ envchain hubot env | grep AWS_ || echo "No AWS_ env vars for hubot"
No AWS_ env vars for hubot
$ envchain hubot env | grep HUBOT_
HUBOT_HIPCHAT_PASSWORD: xxxx

You may specify multiple namespaces at once, with separating by commas:

$ envchain aws,hubot env | grep 'AWS_\|HUBOT_'
AWS_ACCESS_KEY_ID=my-access-key
AWS_SECRET_ACCESS_KEY=secret
HUBOT_HIPCHAT_PASSWORD: xxxx

More options

--list

List namespaces that have been created

$ envchain --list
aws
hubot

--noecho

Do not echo user input

$ envchain --set --noecho foo BAR
foo.BAR (noecho):

--require-passphrase

Always ask for keychain passphrase

$ envchain --set --require-passphrase name

--no-require-passphrase

Do not ask for keychain passphrase

$ envchain --set --no-require-passphrase name

Sponsor

Buy Me a Coffee at ko-fi.com

Screenshot

OS X Keychain

Seahorse (gnome-keyring)

Author

License

MIT License




鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
spotter-application/spotter: 发布时间:2022-08-18
下一篇:
magic-akari/WannaCry: 发布时间:2022-08-18
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap