[sxldier]

I have a simple workflow I use for ENV vars. Another comment noted a script written which likely does more but I haven’t fully read the code. Here’s my simple workflow in case someone is interested.

Create a DB in MacOS keychain called envs:

  security create-keychain -P envs

Then use these shell functions:

  which get-env
  get-env () {
     security find-generic-password -s "$1" -w envs
   }

  which add-env
  add-env () {
      security add-generic-password -a "$USER" -s "$1" -w "$2" envs
   }

Then add one via:

  add-env ENVNAME SECRET

Example using it:

  ENVVAR=“$(get-env ENVNAME)” ./script.sh

[errata_piccata]

this is gold, thank you

[sxldier]

Happy it was helpful! Neglected to mention that your entry with the password will be stored in the shell history. You can prefix a space and have those commands (prefixed with a space) to be ignored in shell history. Alternative is to use `read` to pass the password in and hide the input. I can rewrite it for you if that’ll help.