I want to include an environment variable with a secret API key during shell initialization. But I do not want that environment variable to be exposed in a plain text file.

So, I was wondering if there is a built-in mechanism or script to do this.

I was thinking of an encrypted git repository using git-crypt. And when initializing (in .profile), decrypt it, source it and then encrypt it back to make it unreadable to other users.

  • So...where will you store the key used to decrypt your secret file? Commented Aug 31, 2016 at 16:07
  • Encryption/decryption would be made using GPG keys with a passphrase. The passphrase will be entered once per session (using gnome-keyring or a gpg-agent). Similar to what you do when using SSH keys with GitHub. Commented Aug 31, 2016 at 16:19

1 Answer

A couple of sh functions and using gpg made it:

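```shell
SECRETS_FILE=~/.secrets.sh
# Placeholder: the recipient address was obfuscated on the page; use your own GPG key ID.
GPG_ID="<YOUR GPG KEY ID>"

profile_decrypt () {
    # Decrypt the file; remove the encrypted copy only if decryption succeeded
    gpg -d "${SECRETS_FILE}.asc" > "${SECRETS_FILE}" && rm "${SECRETS_FILE}.asc"
}

profile_encrypt () {
    # Encrypt the file using ASCII output; remove the plaintext only if encryption succeeded
    gpg -ea -r "${GPG_ID}" "${SECRETS_FILE}" && rm "${SECRETS_FILE}"
}

# "." is the POSIX spelling of "source", so this also works when .profile is read by sh
profile_decrypt && . "$SECRETS_FILE" && profile_encrypt
```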

Where ~/.secrets.sh contains:

```shell
export API_KEY=<SECRET API KEY>
```

Including these functions in .profile decrypts, exports variables and encrypts them back every time the terminal is loaded.

1 Comment

I've just made a shell plugin with this feature: github.com/gmatheu/shell-plugins/blob/master/…
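
A variation on the answer's approach, added here as an example and not the answerer's code: decrypt straight into a shell variable so the plaintext never lands in ~/.secrets.sh, and accept only `export NAME=value` lines instead of sourcing the output. `SECRETS_ASC`, `DECRYPT_CMD` and `load_secrets` are assumed names.

```shell
# Added example; SECRETS_ASC, DECRYPT_CMD and load_secrets are assumed names.
SECRETS_ASC="${SECRETS_ASC:-$HOME/.secrets.sh.asc}"
# Overridable so the parser can be exercised without a GPG keyring.
DECRYPT_CMD="${DECRYPT_CMD:-gpg --quiet --decrypt}"

load_secrets() {
    # Plaintext goes into a shell variable, never into a file.
    _plain=$($DECRYPT_CMD "$SECRETS_ASC") || {
        echo "load_secrets: decryption failed, nothing exported" >&2
        return 1
    }
    _nl='
'
    _rc=0
    while [ -n "$_plain" ]; do
        _line=${_plain%%"$_nl"*}            # first remaining line
        case "$_plain" in                   # drop that line from the buffer
            *"$_nl"*) _plain=${_plain#*"$_nl"} ;;
            *) _plain= ;;
        esac
        case "$_line" in
            '' | '#'*) continue ;;          # blank lines and comments
            'export '*=*) _line=${_line#export } ;;
            *) echo "load_secrets: skipped a line that is not 'export NAME=value'" >&2
               _rc=2; continue ;;
        esac
        _name=${_line%%=*}
        _value=${_line#*=}
        case "$_name" in                    # plain identifiers only
            '' | [0-9]* | *[!A-Za-z0-9_]*)
                echo "load_secrets: skipped invalid variable name" >&2
                _rc=2; continue ;;
        esac
        case "$_value" in                   # drop one pair of surrounding quotes
            \"*\") _value=${_value#\"}; _value=${_value%\"} ;;
            \'*\') _value=${_value#\'}; _value=${_value%\'} ;;
        esac
        export "$_name=$_value"             # assignment only; the value is never evaluated
    done
    unset _plain _line _name _value _nl
    return "$_rc"                           # 0 = clean, 2 = some lines were skipped
}
```

Call `load_secrets` from .profile. Because `gpg -e` encrypts without signing, treating the decrypted text as assignments rather than sourcing it keeps a replaced .asc file from running commands at login.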
