Thursday, January 2, 2025

op run

Mattt Thompson (tweet):

This core insight — that configuration should be separate from code — led to the widespread adoption of .env files.

[…]

You add this file to .gitignore to keep it out of version control, and load these variables into your environment at runtime with a tool or library.

[…]

op lets you manage 1Password from the command-line. You can do all the CRUD operations you’d expect for items in your vault. But its killer features is the op run subcommand, which can dynamically inject secrets from your 1Password vault into your application’s environment.

Instead of storing sensitive values directly in your .env file, you reference them using special op:// URLs[…]

It’s great to see NSHipster back after a five-year hiatus.

1 Comment RSS · Twitter · Mastodon


Cool to see that the idea of using URIs for this stuff is catching on. Not sure why it needs to be 1Password, I personally use the Keychain, for example to store blogger credentials and tokens.

#!env st
#-blogger
scheme:https setHeaders: #{ Content-Type: 'application/json' }.
scheme:https setAccessToken: keychain:password/blogger.com/access_token stringValue.
blogid ← '8397311766319215218'.
theRef ← ref:https://www.googleapis.com/blogger/v3/blogs/{blogid}/
scheme:blogger ← theRef asScheme
shell runInteractiveLoop.

Leave a Comment