Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sorah/envchain
Environment variables meet macOS Keychain and gnome-keyring <3
https://github.com/sorah/envchain
credentials gnome-keyring keychain secret security
Last synced: about 2 months ago
JSON representation
Environment variables meet macOS Keychain and gnome-keyring <3
- Host: GitHub
- URL: https://github.com/sorah/envchain
- Owner: sorah
- License: mit
- Created: 2014-05-18T21:42:08.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2024-04-23T18:12:12.000Z (5 months ago)
- Last Synced: 2024-07-19T19:36:08.876Z (2 months ago)
- Topics: credentials, gnome-keyring, keychain, secret, security
- Language: C
- Homepage:
- Size: 54.7 KB
- Stars: 1,155
- Watchers: 20
- Forks: 30
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# envchain - set environment variables with macOS keychain or D-Bus secret service
## What?
Secrets for common computing environments, such as `AWS_SECRET_ACCESS_KEY`, are
set with environment variables.
A common practice is to set them in shell's intialization files such as `.bashrc` and `.zshrc`.
Putting these secrets on disk in this way is a grave risk.
`envchain` allows you to secure credential environment variables to your secure vault, and set to environment variables only when you called explicitly.
Currently, `envchain` supports macOS keychain and D-Bus secret service (gnome-keyring) as a vault.
Don't give any credentials implicitly!
## Requirement (macOS)
- macOS
- Confirmed to work on OS X 10.11 (El Capitan), macOS 10.12 (Sierra).
- OS X 10.7 (Lion) or later is required, but not confirmed
## Requirement (Linux)
- readline
- libsecret
- D-Bus Secret Service
- GNOME keyring
- KeePassXC
## Installation
### From Source
```
$ make
$ sudo make install
(or)
$ cp ./envchain ~/bin/
```
### Homebrew (OS X)
```
brew install envchain
```
## Usage
### Saving variables
Environment variables are set within a specified _namespace._ You can set variables in a single command:
```
envchain --set NAMESPACE ENV [ENV ..]
```
You will be prompted to enter the values for each variable.
For example, we can set two variables... `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` here, within a namespace called `aws`:
```
$ envchain --set aws AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
aws.AWS_ACCESS_KEY_ID: my-access-key
aws.AWS_SECRET_ACCESS_KEY: secret
```
Here we define a single new variable within a different namespace:
```
$ envchain --set hubot HUBOT_HIPCHAT_PASSWORD
hubot.HUBOT_HIPCHAT_PASSWORD: xxxx
```
These will all appear as application passwords with `envchain-NAMESPACE` in the data store (Keychain in macOS, gnome-keyring in common Linux distros).
### Execute commands with defined variables
```
$ env | grep AWS_ || echo "No AWS_ env vars"
No AWS_ env vars
$ envchain aws env | grep AWS_
AWS_ACCESS_KEY_ID=my-access-key
AWS_SECRET_ACCESS_KEY=secret
$ envchain aws s3cmd blah blah blah
⋮
```
```
$ envchain hubot env | grep AWS_ || echo "No AWS_ env vars for hubot"
No AWS_ env vars for hubot
$ envchain hubot env | grep HUBOT_
HUBOT_HIPCHAT_PASSWORD: xxxx
```
You may specify multiple namespaces at once, with separating by commas:
```
$ envchain aws,hubot env | grep 'AWS_\|HUBOT_'
AWS_ACCESS_KEY_ID=my-access-key
AWS_SECRET_ACCESS_KEY=secret
HUBOT_HIPCHAT_PASSWORD: xxxx
```
### More options
#### `--list`
List namespaces that have been created
```
$ envchain --list
aws
hubot
```
#### `--noecho`
Do not echo user input
```
$ envchain --set --noecho foo BAR
foo.BAR (noecho):
```
#### `--require-passphrase`
Always ask for keychain passphrase
```
$ envchain --set --require-passphrase name
```
#### `--no-require-passphrase`
Do not ask for keychain passphrase
```
$ envchain --set --no-require-passphrase name
```
## Sponsor
### Screenshot
#### OS X Keychain
#### Seahorse (gnome-keyring)
## Author
- Sorah Fukumori
- eagletmt
## License
MIT License