I've mostly used the 1Password CLI. A simple `op inject .env.template > .env` (o...

tomknig · 2024-09-08T18:40:11 1725820811

Also using 1Password and I think it’s great. If possible, I would suggest to avoid plaintext secrets in files though. Instead, it is possible to store references to secrets in a dotenv file (example: .env.development): DATABASE_URL=op://development/database/url

and use op run to inject the secrets into a subprocess instead of storing them in a file: op run --env-file="./.env.development" -- cargo run

martijnarts · 2024-09-12T19:08:44 1726168124

I love that, that's much better! Thanks!

timwis · 2024-09-08T18:39:56 1725820796

But doesn’t that still write the secrets to disk? I thought the point of 1pass CLI was so you could avoid having unencrypted secrets on disk?

surething · 2024-09-08T19:28:38 1725823718

An alternative is using `direnv` and `.envrc` instead:

export TOKEN=$(op item get 'My Service' --fields label=token --vault workwork)

moltar · 2024-09-08T19:51:55 1725825115

Why not just use op run? It auto replaces references with values.