Introduction
Environment variables can be used to store sensitive information. Combined with 1Password CLI, it is also a safe and convenient way to reference secrets and passwords.
Storing data in .env file
Create a .env
file in the project folder
1
2
touch .env
nano .env
Add information as Key=Value
1
2
API_KEY=your_api_key
DATABASE_URL=your_database_url
Access .env variable in Python
dotenv - is a useful python utility to keep environment variables in a separate file, which allows to easily manage it and to keep out of the source code.
Import environmental variables to python script
1
2
3
4
5
6
from dotenv import load_dotenv
import os
load_dotenv()
APIKEY = os.getenv("API_KEY")
Access .env variable in Shell
1
source .env
Load 1Password secrets into .env
1Password secrets can be loaded into the environment. That is great option that allows to edit secrets in 1Password without having to make any changes to the configuration settings or put any plaintext secrets in code. This requires having 1Password CLI installed on the system.
1Password CLI Commands
1
2
3
4
op vault list # Show available vaults
op item get "Raspberry Pi" # get item details
op read 'op://Personal/Raspberry Pi/username' # check item is accessable
Reference in .env
create secret reference in .env to 1password
1
ADMIN_PASSWORD='op://Personal/Ansible/password' #op://(vault)/(item)/(field)
To use environment files with 1password reference, use op run
with specify the path to the environment file by using the flag –env-file:
1
op run --env-file=".env" -- aws
To check item is accessable with enviroment variable
1
op run --no-masking --env-file=".env" printenv ADMIN_PASSWORD
Comments powered by Disqus.