Prefer reading secrets.json to using pass show

I'm attempting to maintain a top-level secrets.json that defines all of the sensitive data that I'd like to version-control without exposing everything in cleartext to the world. To that end, I'm using `git secret`, which will use `gpg` to encrypt secrets.json everytime I call `git secret hide` and decrypt everytime I call `git secret reveal`. I'm going to try this until I don't like it anymore... if that day comes... I should write a blog post about my setup to solicit useful feedback and share my ideas with others.
author: William Carroll <wpcarro@gmail.com> 2020-08-20T17·31+0100
committer: William Carroll <wpcarro@gmail.com> 2020-08-20T17·31+0100
commit: 17c68d654ba7c4f01b730ceb804bdfa16c041174 (patch)
tree: 99984df70daf27730b2bf7cbbaf99c58e1e3e98f /website/sandbox/contentful/.envrc
parent: 392832a1ca492041bf9af4223b7049580e104bf3 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/website/sandbox/contentful/.envrc b/website/sandbox/contentful/.envrc
index 98e1d2c821f9..848d74e8b5e6 100644
--- a/website/sandbox/contentful/.envrc
+++ b/website/sandbox/contentful/.envrc
@@ -1,4 +1,4 @@
 source_up
 use_nix
-export CONTENTFUL_SPACE_ID="$(pass show programming/contentful/space-id)"
-export CONTENTFUL_ACCESS_TOKEN="$(pass show programming/contentful/access-token)"
+export CONTENTFUL_SPACE_ID="$(jq -j '.contentful | .spaceId' < ~/briefcase/secrets.json)"
+export CONTENTFUL_ACCESS_TOKEN="$(jq -j '.contentful | .accessToken' < ~/briefcase/secrets.json)"
author	William Carroll <wpcarro@gmail.com>	2020-08-20T17·31+0100
committer	William Carroll <wpcarro@gmail.com>	2020-08-20T17·31+0100
commit	17c68d654ba7c4f01b730ceb804bdfa16c041174 (patch)
tree	99984df70daf27730b2bf7cbbaf99c58e1e3e98f /website/sandbox/contentful/.envrc
parent	392832a1ca492041bf9af4223b7049580e104bf3 (diff)