top | item 41481823

(no title)

I've mostly used the 1Password CLI. A simple `op inject .env.template > .env` (off the top of my head) and done!

discuss

tomknig|1 year ago

Also using 1Password and I think it’s great. If possible, I would suggest to avoid plaintext secrets in files though. Instead, it is possible to store references to secrets in a dotenv file (example: .env.development): DATABASE_URL=op://development/database/url

and use op run to inject the secrets into a subprocess instead of storing them in a file: op run --env-file="./.env.development" -- cargo run

martijnarts|1 year ago

I love that, that's much better! Thanks!

timwis|1 year ago

But doesn’t that still write the secrets to disk? I thought the point of 1pass CLI was so you could avoid having unencrypted secrets on disk?

surething|1 year ago

An alternative is using `direnv` and `.envrc` instead:

export TOKEN=$(op item get 'My Service' --fields label=token --vault workwork)