# Environment Directory Helper

This program loads environment variables from files.

The program was motivated by the pattern of configuring various tokens via
environment variables. I found my shell profile increasingly littered with code
of the form:

    export SOME_TOKEN="$(< ~/.some_token)"

I've replaced all of that with a single line:

    eval "$(envdir-helper)"

## Security

As alluded to above, one of the use cases for this is env-specific tokens. These
kinds of tokens deserve special care - not just with this program, but in
general:

* They should be in files readable only by the current user (`-rw-------`) or by
  the current user and group (`-rw-r-----`), as appropriate;
* They should be rotated regularly; and
* They should only be set when in use.

This program does relatively little to manage this directly. One approach that helps is to invoke `envdir-helper` from [`direnv`] or similar, instead of from your shell profile, and to store the actual tokens in a system such as [Vault] or in the [macOS Keychain] to avoid leaving them on disk. Program entries in the environment directory can retrieve data from outside sources.

[`direnv`]: https://direnv.net/
[Vault]: https://www.vaultproject.io/
[macOS Keychain]: https://developer.apple.com/documentation/security/keychain_services/keychain_items/searching_for_keychain_items
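
One way to check the file-permission guidance above is the following added example, which is not part of `envdir-helper`. The directory to audit is passed in by the caller, since this README does not state where the environment directory lives, and the function names and sample token files are hypothetical.

```python
import os
import stat
import tempfile

# Bits the guidance above rules out: group write and any access for others.
# Owner/group execute is left alone so program entries can still run.
FORBIDDEN = stat.S_IWGRP | stat.S_IRWXO


def audit_envdir(path, uid=None):
    """Return sorted (name, problem) pairs for entries that break the guidance."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in os.scandir(path):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISLNK(st.st_mode):
            # A symlink's own mode says nothing about the file it points at.
            findings.append((entry.name, "symlink: audit the target separately"))
            continue
        if not stat.S_ISREG(st.st_mode):
            continue
        if st.st_uid != uid:
            findings.append((entry.name, f"owned by uid {st.st_uid}, not {uid}"))
        if st.st_mode & FORBIDDEN:
            mode = stat.filemode(st.st_mode)
            findings.append((entry.name, f"mode {mode} is too permissive"))
    return sorted(findings)


def demo():
    """Build a constructed sample directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in [("GOOD_TOKEN", 0o600), ("TEAM_TOKEN", 0o640),
                           ("LEAKY_TOKEN", 0o644), ("SHARED_TOKEN", 0o660)]:
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed-sample-value\n")
            os.chmod(p, mode)  # set explicitly so the umask does not interfere
        return audit_envdir(d)


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```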

## Installation

Some familiarity with Python is assumed here:

* Make a virtual environment;
* `$VIRTUALENV/bin/pip install git+https://github.com/ojacobson/envdir-helper/#egg=envdir-helper`; and
* Add its `bin` directory to `PATH` by other means, or invoke it by full path.