{"id":27154735,"url":"https://github.com/masinger/incredible","last_synced_at":"2025-08-11T02:04:59.716Z","repository":{"id":174179134,"uuid":"651877326","full_name":"masinger/incredible","owner":"masinger","description":"A CLI tool that fetches secret values and files from credential managers and maps them to environment variables and temporary files.","archived":false,"fork":false,"pushed_at":"2023-09-04T10:37:17.000Z","size":123,"stargazers_count":4,"open_issues_count":9,"forks_count":0,"subscribers_count":1,"default_branch":"develop","last_synced_at":"2025-04-08T18:40:48.608Z","etag":null,"topics":["environment","environment-variables","secrets","shell"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/masinger.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.txt","support":null,"governance":null}},"created_at":"2023-06-10T11:13:23.000Z","updated_at":"2023-08-13T09:12:28.000Z","dependencies_parsed_at":"2023-07-05T05:15:52.302Z","dependency_job_id":"b548ae3d-ee07-409f-bd04-b22968c74d04","html_url":"https://github.com/masinger/incredible","commit_stats":{"total_commits":36,"total_committers":2,"mean_commits":18.0,"dds":0.08333333333333337,"last_synced_commit":"4b222cf34818131878d83144cf53542b98b2e0d3"},"previous_names":["masinger/incredible"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/masinger/incredible","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masinger%2Fincredible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masinger%2Fincredible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masinger%2Fincredible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masinger%2Fincredible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/masinger","download_url":"https://codeload.github.com/masinger/incredible/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masinger%2Fincredible/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269819032,"owners_count":24480087,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-11T02:00:10.019Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["environment","environment-variables","secrets","shell"],"created_at":"2025-04-08T18:32:24.013Z","updated_at":"2025-08-11T02:04:59.689Z","avatar_url":"https://github.com/masinger.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Incredible [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n\nIncredible is a CLI tool that loads secrets (passwords, tokens, files) from secure sources and maps them to usable\nenvironment variables.\n\nThe goal of this tool is to avoid\n\n- having to add sensitive values into your Bash profile\n- permanently storing confidential files on the system\n- manually copying secrets from your password manager into your bash\n\nJust configure your desired environment variables (see [\"The solution\"](#the-solution)) and run your program with\n\n```shell\nincredible \u003cMY_PROGRAM\u003e\n```\n\nand it will be able to access them.\n\n## Supported sources\n\n| Source                                                                  | Requirements                                              | Provider Type                  | Value Support | File Support | Help                     |\n|-------------------------------------------------------------------------|-----------------------------------------------------------|--------------------------------|---------------|--------------|--------------------------|\n| [Bitwarden](https://bitwarden.com)                                      | [Bitwarden Cli](https://bitwarden.com/help/cli/)          | Official out-of-process CLI    | ✅             | ✅            | [Help](#bitwarden)       |\n| [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault) | [Azure Cli](https://learn.microsoft.com/en-us/cli/azure/) | Official out-of-process CLI    | ✅             | ❌            | [Help](#azure-key-vault) |\n| [LastPass](https://lastpass.com)                                        | -                                                         | Third-party in-process Library | ✅             | ❌            | [Help](#lastpass)        |\n\n## How does it work?\n\n`incredible` can best be understood as an interfaces to various credential/password/secret managers.\n\n### The problem\n\nWithout `incredible`, one could easily come up with a script that automatically fetches a value from a password manager\nand exposes it using an environment variable, which can then be consumed by another tool or script.\n\nYou know - something like this:\n\n````shell\nexport MY_CLIENT_SECRET=$(generic-password-manager get secret super-secret-oidc-secret)\n````\n\nThis scripted solution should do the job just fine.\nStarting from that approach, a variety of problems and questions arise when it comes to working with multiple secrets,\nenvironments, team members and secret providers.\n\nFor example:\n\n- How can I set multiple secrets, If my environment needs them?\n- What if one of them required secrets is a file?\n- How do I clean up my environment after the variables and files are no longer needed?\n- How can I switch between contexts requiring the same variables set to different values?\n\n### The solution\n\n`incredible` tries to simplify working with secrets as much as possible by providing a unified configuration file.\nThis configuration file specifies the required environment variables and where they can be obtained from.\nOnce a program is started with `incredible \u003cMY_EXEC\u003e`, `incredible` will fetch all required values and cleans them up\nonce your program exits.\n\nThe configuration file (usually named `incredible.yml`) looks like this:\n\n````yaml\nassets: # List of all assets to be loaded\n  - src: # The src property tells incredible, where the secret's value can be obtained from\n      azureKeyVaultSecret: { } # set this, when loading from an Azure Key Value\n      bitwarden: { } # set this, when loading from a Bitwarden vault\n    mappings:\n      - env:\n          name: TARGET_VARIABLE # the name of the environment variable, that should hold the obtained secret\n````\n\nThe JSON schema at https://raw.githubusercontent.com/masinger/incredible/main/schema.json can be used to enable code\ncompletion and validation (if supported by your editor).\n\nSee [Sources](#sources) for more information on how to configure the `src` property.\n\n### Feature list\n\n- Fetch secret values from various providers (as listed in \"[Supported sources](#supported-sources)\")\n- Fetch files from various providers, storing them in temporary files\n- Removal of created temporary files, once incredible exits\n- Usage of context specific environment variables (the `incredible.yml` within the current or the first ancestor\n  directory will be used)\n\n## Sources\n\n### Bitwarden\n\n#### Requirements\n\n- [Bitwarden Cli](https://bitwarden.com/help/cli/) must be installed\n\n#### General\n\nThe Bitwarden source requires the identifier of the Bitwarden entry to be used.\nThe id can be obtained using the Bitwarden cli or by clicking on the entry (within the web\nvault - https://vault.bitwarden.com) and inspecting the browser URL once the detail dialog opens.\n\n#### Secret value from password\n\nThe following shows the minimal configuration required in order to read the password stored in entry `123-test-id` and\nmap it to the environment variable named `MY_SECRET_PW`.\n\n```yaml\nassets:\n  - src:\n      bitwarden:\n        entry: 123-test-id # entry id\n        field: password # optional, default: \"password\" \n    mappings:\n      - env:\n          name: MY_SECRET_PW\n```\n\n#### Secret value from password\n\nIf we set the property `field` to `\"username\"`, the entry's username will be used instead.\n\n````yaml\nassets:\n  - src:\n      bitwarden:\n        entry: 123-test-id # entry id\n        field: username\n    mappings:\n      - env:\n          name: MY_SECRET_USER\n````\n\n#### Secret file from attachment\n\nIn order to load a secret file from a Bitwarden entry's attachment, the name of the attachment must be provided using\nthe `attachment` property.\nThe environment variable `MY_SECRET_FILE_PATH` will then hold the filepath to the loaded file.\n\n````yaml\nassets:\n  - src:\n      bitwarden:\n        entry: 12345-12345-12345-abcd-12345 # Entry id\n        attachment: my-attachment.txt # file name as shown in Bitwarden\n    mappings:\n      - env:\n          name: MY_SECRET_FILE_PATH\n````\n\n### Azure Key Vault\n\n#### Requirements\n\n- [Azure Cli](https://learn.microsoft.com/en-us/cli/azure/) must be installed\n\n#### Obtaining a value from a Azure Key Vault secret\n\nSourcing values from an Azure Key Vault Secret requires the secrets unique identifier,\nwhich can be obtained by running\n\n````shell\naz keyvault secrete show --vault-name \u003cNAME_OF_YOUR_KEYVAULT\u003e --name \u003cNAME_OF_YOUR_SECRET\u003e\n````\n\n\u003e **Warning**\n\u003e The returned entry id statically refers to the current secret's version.\n\u003e In order to always use the newest version, the last path segment can be omitted.\n\nThe following mapping will load the newest value of an Azure Key Vault secret and store it within the environment\nvariable `MY_SECRET_VALUE`:\n\n````yaml\nassets:\n  - src:\n      azureKeyVaultSecret:\n        # Key Vault Secret's id (the lat version path segment is omitted, in order to always use the newest value)\n        itemId: https://MY_TEST_KEYVAULT.vault.azure.net/secrets/MY_TEST_ENTRY\n    mappings:\n      - env:\n          name: MY_SECRET_VALUE\n````\n\n### LastPass\n\u003e **Warning**\n\u003e LastPass support is provided by the open source GO library [asnd/lastpass-go](https://github.com/ansd/lastpass-go).\n\u003e Even though LastPass seems to have had an official CLI client, it is currently unmaintained/abandoned (see [lastpass/lastpass-cli issue #602](https://github.com/lastpass/lastpass-cli/issues/602)).\n\nIn order to use a username or password obtained from a LastPass account entry, it's ID is required.\n\n```yaml\nassets:\n  - src: \n      lastpass: \n        field: password # \"username\" or \"password\", default: \"password\" \n        id: 000-00-0000-000 # LastPass entry id\n    mappings:\n      - env:\n          AWS_CLIENT_SECRET\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmasinger%2Fincredible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmasinger%2Fincredible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmasinger%2Fincredible/lists"}