Integration
secenv
alone is an useful tool, but it becomes even better when you integrates it with other tools.
direnv
direnv
is an utility tool to source a special file when you navigate in a given directory.
It can be useful to switch automatically the context that is generated.
By example, one can select the current environment, and generate a context based on it:
.envrc
source .credentials
echo "Which context to use?"
select env in $(secenv contexts list); do
eval $(secenv contexts gen "$env")
break
done
.credentials
export SECENV_my_aws_store_access_key_id='...'
export SECENV_my_aws_store_secret_access_key='...'
CI/CD
Isn't is a pain to keep the secrets consistent between the different environments and the CI/CD?
secenv
can solve this issue by furnishing the environment variables directly from the secret manager and by-passing the different CI/CD providers.
Github Actions
.github/workflows/default.yml
...
jobs:
job:
steps:
- name: Setup secrets
run: |
eval $(secenv contexts gen -o github_actions my_context)
Gitlab CI
...
Setup secrets:
script: |
eval $(secenv contexts gen my_context)