
Can you elaborate or point me to a resource on how to use it to share secrets for projects? I tried pass, but it stores the credentials in my home; I would prefer to have them in a file in the project. Moreover, can it also encrypt .env files or some sort of it?



By default it does store passwords in ~/.password-store but you can override that with environment variables (see PASSWORD_STORE_DIR in the man page). I personally use thin wrapper scripts to change pass's behavior to suit my need. You can even fork it directly (and cautiously) if you want, it's just a relatively straightforward shell script after all.

>can it also encrypt .env files or some sort of it?

What are .env files? You mean the config dotfiles in your home directory? If so you'll probably have to use something like EncFS to encrypt these files. Personally I don't encrypt them but I also avoid storing cleartext passwords in them as much as possible, many unix programs support getting passwords from an application, for example in my muttrc I have:

    set imap_pass = `pass mail/myemail`
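
The PASSWORD_STORE_DIR override and "thin wrapper script" approach described above, sketched as an added example that is not part of the original comment or of pass itself. The `.secrets` directory name, the `.env.tpl` template format, and the function names `find_project_store`, `ppass` and `render_env` are assumptions made for illustration, as is reading ".env" as a file of name=value lines.

```sh
#!/bin/sh
# Added example. Assumed layout (not from the thread): <project>/.secrets is a
# pass store, and <project>/.env.tpl holds NAME=pass-entry lines.

# Walk up from the current directory to the nearest .secrets directory.
find_project_store() {
    dir=$(pwd -P)
    while :; do
        if [ -d "$dir/.secrets" ]; then
            printf '%s\n' "$dir/.secrets"
            return 0
        fi
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Run pass against the project store only; never fall back to ~/.password-store.
ppass() {
    store=$(find_project_store) || {
        echo "ppass: no .secrets store above $(pwd)" >&2
        return 1
    }
    ( PASSWORD_STORE_DIR=$store; export PASSWORD_STORE_DIR; pass "$@" )
}

# Print NAME=value lines for a template of NAME=entry lines. Secrets are
# decrypted on demand, so a cleartext .env never needs to be committed.
render_env() {
    while IFS='=' read -r name entry || [ -n "$name" ]; do
        case $name in ''|\#*) continue ;; esac
        # stdin is detached so pass/gpg cannot consume the template.
        out=$(ppass show "$entry" </dev/null) || return 1
        # pass convention: the first line of an entry is the secret itself.
        value=$(printf '%s\n' "$out" | sed -n 1p)
        [ -n "$value" ] || { echo "render_env: empty entry $entry" >&2; return 1; }
        printf '%s=%s\n' "$name" "$value"
    done < "$1"
}
```

The store directory can be committed alongside the project because pass keeps each entry as a GPG-encrypted file; the output of `render_env` is cleartext and should stay out of version control.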


I found this brilliant way to manage your dotfiles in an old HN comment: https://news.ycombinator.com/item?id=11071754

<quote>

I use:

    git init --bare $HOME/.myconf
    alias config='/usr/bin/git --git-dir=$HOME/.myconf/ --work-tree=$HOME'
    config config status.showUntrackedFiles no

where my ~/.myconf directory is a git bare repository. Then any file within the home folder can be versioned with normal commands like:

    config status
    config add .vimrc
    config commit -m "Add vimrc"
    config add .config/redshift.conf
    config commit -m "Add redshift config"
    config push

And so on…

No extra tooling, no symlinks, files are tracked on a version control system, you can use different branches for different computers, you can replicate your configuration easily on a new installation.

</quote>


>No extra tooling, no symlinks, files are tracked on a version control system, you can use different branches for different computers, you can replicate your configuration easily on a new installation.

But synchronizing shared configuration is clunky (you have to cherry pick commits between branches I guess).

I use NixOS and Nix on my MacBook, which allows you to store and version your whole system configuration. I have factored out different parts of my configuration (emacs, zsh, etc.) in different .nix files. So, I just have one file per machine where I import the relevant configurations and specify the packages that I want to have available. E.g. this is my user configuration on NixOS:

https://github.com/danieldk/nix-home/blob/master/machines/mi...

and macOS:

https://github.com/danieldk/nix-home/blob/master/machines/ma...


Thanks for sharing those, I had kind of written off Nix for personal laptop after first glance, going to play around again.


This is brilliant! I think I'm about to go and replace some make-based infrastructure as a result.


The software requires configuration. It is read from a .env file where there's name=value. I was wondering if this tool can help in enc/dec of that. So far I have a gpg --symmetric script to do that, but you have to know the password.


For project-specific secrets, you may want to look at git-crypt:

https://www.agwa.name/projects/git-crypt/



