op run
This core insight — that configuration should be separate from code — led to the widespread adoption of
.env
files.[…]
You add this file to
.gitignore
to keep it out of version control, and load these variables into your environment at runtime with a tool or library.[…]
op
lets you manage 1Password from the command-line. You can do all the CRUD operations you’d expect for items in your vault. But its killer features is theop run
subcommand, which can dynamically inject secrets from your 1Password vault into your application’s environment.Instead of storing sensitive values directly in your
.env
file, you reference them using specialop://
URLs[…]
It’s great to see NSHipster back after a five-year hiatus.
1 Comment RSS · Twitter · Mastodon
Cool to see that the idea of using URIs for this stuff is catching on. Not sure why it needs to be 1Password, I personally use the Keychain, for example to store blogger credentials and tokens.
#!env st
#-blogger
scheme:https setHeaders: #{ Content-Type: 'application/json' }.
scheme:https setAccessToken: keychain:password/blogger.com/access_token stringValue.
blogid ← '8397311766319215218'.
theRef ← ref:https://www.googleapis.com/blogger/v3/blogs/{blogid}/
scheme:blogger ← theRef asScheme
shell runInteractiveLoop.