# Environment Directory Helper

This program loads environment variables from files.

The program was motivated by the pattern of configuring various tokens via
environment variables. I found my shell profile increasingly littered with code
of the form:

    export SOME_TOKEN="$(< ~/.some_token)"

I've replaced all of that with a single line:

    eval "$(envdir-helper)"

This program also supports setting non-exported shell variables, using the
`--export false` flag. This is useful for prompts and other shell configuration
that should not be propagated through to subshells and other programs. This
behaviour is the default if the env directory's name ends in `rc`:

    eval "$(envdir-helper .envdir.rc)"

## Security

As alluded to above, one of the use cases for this is env-specific tokens. These
kinds of tokens deserve special care - not just with this program, but in
general:

* They should be in files readable only by the current user (`-rw-------`) or by
  the current user and group (`-rw-r-----`), as appropriate;
* They should be rotated regularly; and
* They should only be set when in use.

This program does relatively little to manage this directly. One approach that helps is to invoke `envdir-helper` from [`direnv`] or similar, instead of from your shell profile, and to store the actual tokens in a system such as [Vault] or in the [macOS Keychain] to avoid leaving them on disk. Program entries in the environment directory can retrieve data from outside sources.

[`direnv`]: https://direnv.net/
[Vault]: https://www.vaultproject.io/
[macOS Keychain]: https://developer.apple.com/documentation/security/keychain_services/keychain_items/searching_for_keychain_items

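
As an added example (not part of `envdir-helper` itself), these POSIX shell functions check an env directory against the file-permission guidance above before loading it. The function names are hypothetical; only the `envdir-helper DIR` invocation is taken from this README.

```shell
# Added example: audit an env directory before handing it to envdir-helper.
# Function names are hypothetical and are not provided by envdir-helper.

# Print every regular file under DIR that breaks the guidance above:
#   - group-writable (020), or
#   - readable, writable or executable by "other" (004, 002, 001), or
#   - not owned by the current user.
# Prints nothing when every file is acceptable (e.g. mode 600 or 640).
envdir_unsafe_entries() {
    find "$1" -type f \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \
           -o ! -user "$(id -u)" \) -print
}

# Load DIR with envdir-helper only when the audit is clean. Otherwise list
# the offending files on stderr and return non-zero without loading anything.
envdir_load_checked() {
    _envdir_dir=$1
    # A failing find (missing or unreadable directory) is treated as an error.
    _envdir_unsafe=$(envdir_unsafe_entries "$_envdir_dir") || return 2
    if [ -n "$_envdir_unsafe" ]; then
        printf 'envdir: refusing to load %s; fix permissions on:\n%s\n' \
            "$_envdir_dir" "$_envdir_unsafe" >&2
        return 1
    fi
    eval "$(envdir-helper "$_envdir_dir")"
}
```

In a shell profile or `direnv` configuration, `envdir_load_checked DIR` would take the place of the bare `eval "$(envdir-helper DIR)"` line.
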
## Installation

Some familiarity with Rust is assumed here:

* `cargo install --git https://gitlab.com/ojacobson/envdir-helper --branch main`