diff options
| author | William Carroll <wpcarro@gmail.com> | 2020-08-20T17·31+0100 |
|---|---|---|
| committer | William Carroll <wpcarro@gmail.com> | 2020-08-20T17·31+0100 |
| commit | 17c68d654ba7c4f01b730ceb804bdfa16c041174 (patch) | |
| tree | 99984df70daf27730b2bf7cbbaf99c58e1e3e98f /tools | |
| parent | 392832a1ca492041bf9af4223b7049580e104bf3 (diff) | |
Prefer reading secrets.json to using pass show
I'm attempting to maintain a top-level secrets.json that defines all of the sensitive data that I'd like to version-control without exposing everything in cleartext to the world. To that end, I'm using `git secret`, which will use `gpg` to encrypt secrets.json everytime I call `git secret hide` and decrypt everytime I call `git secret reveal`. I'm going to try this until I don't like it anymore... if that day comes... I should write a blog post about my setup to solicit useful feedback and share my ideas with others.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/monzo_ynab/.envrc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/tools/monzo_ynab/.envrc b/tools/monzo_ynab/.envrc index 9b234477352d..f368d0b7e813 100644 --- a/tools/monzo_ynab/.envrc +++ b/tools/monzo_ynab/.envrc @@ -1,8 +1,8 @@ source_up use_nix -export monzo_client_id="$(pass show finance/monzo/client-id)" -export monzo_client_secret="$(pass show finance/monzo/client-secret)" -export ynab_personal_access_token="$(pass show finance/youneedabudget.com/personal-access-token)" -export ynab_account_id="$(pass show finance/youneedabudget.com/personal-access-token)" -export ynab_budget_id="$(pass show finance/youneedabudget.com/budget-id)" +export monzo_client_id="$(jq -j '.monzo | .clientId' < ~/briefcase/secrets.json)" +export monzo_client_secret="$(jq -j '.monzo | .clientSecret' < ~/briefcase/secrets.json)" +export ynab_personal_access_token="$(jq -j '.ynab | .personalAccessToken' < ~/briefcase/secrets.json)" +export ynab_account_id="$(jq -j '.ynab | .accountId' < ~/briefcase/secrets.json)" +export ynab_budget_id="$(jq -j '.ynab | .budgetId' < ~/briefcase/secrets.json)" export store_path="$(pwd)" |