- Rust 100%
| src | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| LICENSE.md | ||
| README.md | ||
Environment Directory Helper
This program loads environment variables from files.
The program was motivated by the pattern of configuring various tokens via environment variables. I found my shell profile increasingly littered with code of the form:
export SOME_TOKEN="$(< ~/.some_token)"
I've replaced all of that with a single line:
eval "$(envdir-helper)"
This program also supports setting non-exported shell variables, using the
--export false flag. This is useful for prompts and other shell configuration
that should not be propagated through to subshells and other programs. This
behaviour is the default if the env directory's name ends in rc:
eval "$(envdir-helper .envdir.rc)"
Security
As alluded to above, one of the use cases for this is env-specific tokens. These kinds of tokens deserve special care - not just with this program, but in general:
- They should be in files readable only by the current user (
-rw-------) or by the current user and group (-rw-r-----), as appropriate; - They should be rotated regularly; and
- They should only be set when in use.
This program does relatively little to manage this directly. One approach that helps is to invoke envdir-helper from direnv or similar, instead of from your shell profile, and to store the actual tokens in a system such as Vault or in the macOS Keychain to avoid leaving them on disk. Program entries in the environment directory can retrieve data from outside sources.
Installation
Some familiarity with Rust is assumed, here:
cargo install --git https://gitlab.com/ojacobson/envdir-helper --branch main