GitHub – waj/shell-secrets: Encrypted environment variables

This is a small tool to set environment variables from encrypted (with GPG) files

There are many command line tools that require environment variables with secret values to work.
These values are often saved in unencrypted shell files. I created this simple but useful script
to read secret values from encrypted files and at the same time make it easy to login in and out
from diferent accounts.

NOTICE: GPG is assumed to be installed and configured for the current user.

Copy the shell-secrets.sh file anywhere in your disk. Add the following line in your profile shell script:

source /path/to/shell-secrets.sh

Also is recommended to modify the shell prompt to display the current login. For example this
can be inserted in your PS1 variable:

export PS1='... \e[31m$SECRET_LOGIN\e[0m ...'

The variable $SECRET_LOGIN keeps the list of account names being used in the current shell.

First, make sure the ~/.shell-secrets/ directory exists. This is where encrypted files will be stored:

mkdir -p ~/.shell-secrets

Now create new encrypted files using GPG:

$ gpg --encrypt -r yourself@some.email.com --armor --output ~/.shell-secrets/foo.gpg
export FOO=E9yyQ7MApwoQHXBCIs7or5aQ9W
export BAR=lLvxSCbY4j+Kdn
...
^D

Done!

To login using any of the encrypted files, just call the login function with the file name (without the .gpg extension)

$ login foo
foo $ env
...
FOO=E9yyQ7MApwoQHXBCIs7or5aQ9W
BAR=lLvxSCbY4j+Kdn
...

The enviroment variables are set and ready to be used and the SECRET_LOGIN environment variable is updated to be used by the prompt. The script also includes autocomplete for the
available file names in the .shell-secrets directory.

Several logins can also be nested:

$ login foo
foo $ login bar
foo bar $

Every time the login function is used, a new sub-shell process is created. To logout from the current
account, call logout or just press Ctrl+D.

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!