Shell Secrets

Speaking of secrets, here’s how I keep them in the shell. Why do I have secrets in the shell? Typically, they are things like API keys and passwords for web services that I use in scripts. For example, I have a script display issues that are assigned to me on the desktop using Geektool. Or scripts to tweet from the command line, when I’m in a command line kind of mood. It’s pretty simple, first I create a file ~/.secrets, with key value pairs:

API_KEY=something
OTHER_SECRET=this_thing

Then in my ~/.bashrc, my preferred start up file, I put:

if [ -f "$HOME/.secrets" ]; then
    set -o allexport
    . "$HOME/.secrets"
    set +o allexport
fi

This is my laziness coming out. As it implies on the tin, set -o allexport causes any variables you set to be automatically be exported, setting them in the environment. Otherwise, ~/.secrets would need to look like:

export API_KEY=something
export OTHER_SECRET=this_thing

Look at all that typing I saved! I it would be bad™ to leave this on all the time which is why I turn it off again with set +o allexport. If you are really lazy, you can toggle this behavior set -a and set +a, but I like the readability of using the full setting name.

Anyway, this makes $API_KEY available in apps and on the command line, and you’re ready to go! Keep in mind that the key to happiness here is to keep the ~/.secrets out of where ever you store your dotfiles. Don’t check these in. Consider keeping them out of your backups, if they’re not encrypted. Do stick a copy in whatever you use for secure notes (1Password, etc.)