From 17c68d654ba7c4f01b730ceb804bdfa16c041174 Mon Sep 17 00:00:00 2001
From: William Carroll <wpcarro@gmail.com>
Date: Thu, 20 Aug 2020 18:31:37 +0100
Subject: Prefer reading secrets.json to using pass show

I'm attempting to maintain a top-level secrets.json that defines all of the
sensitive data that I'd like to version-control without exposing everything in
cleartext to the world. To that end, I'm using `git secret`, which will use
`gpg` to encrypt secrets.json everytime I call `git secret hide` and decrypt
everytime I call `git secret reveal`.

I'm going to try this until I don't like it anymore... if that day comes...

I should write a blog post about my setup to solicit useful feedback and share
my ideas with others.
---
 tools/monzo_ynab/.envrc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'tools/monzo_ynab')

diff --git a/tools/monzo_ynab/.envrc b/tools/monzo_ynab/.envrc
index 9b234477352d..f368d0b7e813 100644
--- a/tools/monzo_ynab/.envrc
+++ b/tools/monzo_ynab/.envrc
@@ -1,8 +1,8 @@
 source_up
 use_nix
-export monzo_client_id="$(pass show finance/monzo/client-id)"
-export monzo_client_secret="$(pass show finance/monzo/client-secret)"
-export ynab_personal_access_token="$(pass show finance/youneedabudget.com/personal-access-token)"
-export ynab_account_id="$(pass show finance/youneedabudget.com/personal-access-token)"
-export ynab_budget_id="$(pass show finance/youneedabudget.com/budget-id)"
+export monzo_client_id="$(jq -j '.monzo | .clientId' < ~/briefcase/secrets.json)"
+export monzo_client_secret="$(jq -j '.monzo | .clientSecret' < ~/briefcase/secrets.json)"
+export ynab_personal_access_token="$(jq -j '.ynab | .personalAccessToken' < ~/briefcase/secrets.json)"
+export ynab_account_id="$(jq -j '.ynab | .accountId' < ~/briefcase/secrets.json)"
+export ynab_budget_id="$(jq -j '.ynab | .budgetId' < ~/briefcase/secrets.json)"
 export store_path="$(pwd)"
-- 
cgit 1.4.1