Loading secret content in .profile when initializing bash/zsh
Question
I want to include an environment variable with a secret Api key during shell initialization. But I do not want that environment variable to be exposed in a plain text file.
So, I was wondering if there is a built-in mechanism or script to do this.
I was thinking on a encrypted git repository using git-crypt . And when initializing (on .profile) decrypt it, source it and then encrypt it back to make unreadable to other users.
1 answers
solution1
1 ACCPTED 2016-09-05 12:07:37
A couple of sh functions and using gpg made it:
SECRETS_FILE=~/.secrets.sh
GPG_ID=yourgpgid@mydomain.com
profile_decrypt (){
gpg -d ${SECRETS_FILE}.asc > ${SECRETS_FILE} # Decrypt file
rm ${SECRETS_FILE}.asc
}
profile_encrypt () {
gpg -ea -r ${GPG_ID} ${SECRETS_FILE} # Encrypt file using ascii output
rm ${SECRETS_FILE}
}
profile_decrypt
source $SECRETS_FILE
profile_encrypt
Where ~/.secrets.sh contains:
export API_KEY=<SECRET API KEY>
Including this functions on .profile decrypts, exports variables and encrypts them back everytime the terminal is loaded.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.