sh 将敏感环境变量存储在钥匙串中,根据每个应用程序有选择地设置它们。

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sh 将敏感环境变量存储在钥匙串中,根据每个应用程序有选择地设置它们。相关的知识,希望对你有一定的参考价值。

source ~/bash.includes/keychain-environment-variables.sh

function aws-vault() {
	/usr/local/bin/aws-vault-wrapper "$@"
}

# example wrapper
## function cloudns-api() {
##     (
##         export CLOUDNS_API_ID=$(keychain-environment-variable CLOUDNS_API_ID)
##         export CLOUDNS_PASSWORD=$(keychain-environment-variable CLOUDNS_PASSWORD)
## 
##         /usr/local/bin/cloudns_api.sh "$@"
## 
##         unset CLOUDNS_API_ID CLOUDNS_PASSWORD
##     )
## }
#!/usr/bin/env bash

source ~/bash.includes/keychain-environment-variables.sh

(
	export CLOUDFLARE_EMAIL=$(keychain-environment-variable CLOUDFLARE_EMAIL)
	export CLOUDFLARE_TOKEN=$(keychain-environment-variable CLOUDFLARE_TOKEN)
	export GITHUB_TOKEN=$(keychain-environment-variable GITHUB_TOKEN)

	/usr/local/bin/aws-vault "$@"

	unset CLOUDFLARE_EMAIL CLOUDFLARE_TOKEN GITHUB_TOKEN

)
# Source: https://gist.github.com/bmhatfield/f613c10e360b4f27033761bbee4404fd
### Functions for setting and getting environment variables from the OSX keychain
### Adapted from https://www.netmeister.org/blog/keychain-passwords.html

# Use: keychain-environment-variable SECRET_ENV_VAR
function keychain-environment-variable () {
	if [ -z "$1" ] ; then
		echo "Missing environment variable name. Usage $FUNCNAME[0] <varname>"
		return 1
	fi
	security find-generic-password -w -a ${USER} -D "environment variable" -s "${1}"
}

# Use: set-keychain-environment-variable SECRET_ENV_VAR
#   provide: super_secret_key_abc123
function set-keychain-environment-variable () {
	if [ -z "$1" ] ; then
		echo "Missing environment variable name. Usage $FUNCNAME[0] <varname> [<silent>]"
		return 1
	fi
	[ -n "$2" ] && SILENT="-s" || SILENT=""

	# Note: if using bash, use `-p` to indicate a prompt string, rather than the leading `?`
	read $SILENT -p "Enter Value for ${1}: " secret

	( [ -n "$1" ] && [ -n "$secret" ] ) || return 1
	security add-generic-password -U -a ${USER} -D "environment variable" -s "${1}" -w "${secret}"

	unset secret
}


############################################################
## Pattern 1 - a binary that you're tweaking, and you don't want to constantly `source ~/.bashrc`
# 1. Wrap the binary in a function in ~/.bashrc
############################################################
##    function aws-vault() {
##        /usr/local/bin/aws-vault-wrapper "$@"
##    }
# 2. Create /usr/local/bin/foo-wrapper
############################################################
##   #!/usr/bin/env bash
##   # Load the keychain environment variable helper functions
##   source ~/bash.includes/keychain-environment-variables.sh
##
##   # Start a subshell - this prevents the new environment variables from being
##   # exposed if the wrapped program exits prematurely
##   (
##       export CLOUDFLARE_EMAIL=$(keychain-environment-variable CLOUDFLARE_EMAIL)
##       export CLOUDFLARE_TOKEN=$(keychain-environment-variable CLOUDFLARE_TOKEN)
##       export GITHUB_TOKEN=$(keychain-environment-variable GITHUB_TOKEN)
##
##       /usr/local/bin/aws-vault "$@"
##
##       # Unset environment variables - not really necessary because they go away when the subshell terminates
##       unset CLOUDFLARE_EMAIL CLOUDFLARE_TOKEN GITHUB_TOKEN
##   )
##   # ^ end of subshell
##

以上是关于sh 将敏感环境变量存储在钥匙串中,根据每个应用程序有选择地设置它们。的主要内容,如果未能解决你的问题,请参考以下文章

如何根据每个用户存储应用内购买以供离线使用

在应用程序钥匙串中存储应用内购买收据

将设备标识符存储在 iOS 应用程序的钥匙串中是个好主意吗

钥匙串中存储的字符串是不是有长度限制?

如何在ios钥匙串中手动存储?

sh 将git密码短语添加到钥匙串中,这样就不会再次询问密码了