emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secrets in org-babel

From: Greg Minshall
Subject: Re: Secrets in org-babel
Date: Mon, 05 Sep 2022 22:11:55 +0300 
Felix,

my setup is probably too complicated.  and, i don't really know what
"aws secretsmanager" is, or how you interact with it.  but, in case this
helps...

i put ("long-term") secrets in pass
----
https://www.passwordstore.org/
----

for "programmatic access" (in particular, for passwords needed by e-mail
sending and retrieving programs), avoiding having to enter my password
every ten minutes (or so), i wrote something called credeface/credepass
----
https://gitlab.com/minshall/credeface
----
which uses git's (!) credential cache for this service
----
https://git-scm.com/docs/git-credential
----

in your case, you might just use `credeface` to first store, then later
retrieve, whatever secrets you get from "aws secretsmanager".
occasionally (`--timeout`), you should be asked by `credeface` to
refresh that value.

----
bash archlinux (master): {1315} credeface --username ipsilon --host example.com 
store
this is that
bash archlinux (master): {1316} credeface --username ipsilon --host example.com 
get
cannot display secrets on the terminal
bash archlinux (master): {1317} credeface --username ipsilon --host example.com 
get | cat
this is that
----

cheers, Greg
reply via email to
[Prev in Thread] Current Thread [Next in Thread]