sh 将敏感环境变量存储在钥匙串中,根据每个应用程序有选择地设置它们。
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sh 将敏感环境变量存储在钥匙串中,根据每个应用程序有选择地设置它们。相关的知识,希望对你有一定的参考价值。
source ~/bash.includes/keychain-environment-variables.sh
function aws-vault() {
/usr/local/bin/aws-vault-wrapper "$@"
}
# example wrapper
## function cloudns-api() {
## (
## export CLOUDNS_API_ID=$(keychain-environment-variable CLOUDNS_API_ID)
## export CLOUDNS_PASSWORD=$(keychain-environment-variable CLOUDNS_PASSWORD)
##
## /usr/local/bin/cloudns_api.sh "$@"
##
## unset CLOUDNS_API_ID CLOUDNS_PASSWORD
## )
## }
#!/usr/bin/env bash
source ~/bash.includes/keychain-environment-variables.sh
(
export CLOUDFLARE_EMAIL=$(keychain-environment-variable CLOUDFLARE_EMAIL)
export CLOUDFLARE_TOKEN=$(keychain-environment-variable CLOUDFLARE_TOKEN)
export GITHUB_TOKEN=$(keychain-environment-variable GITHUB_TOKEN)
/usr/local/bin/aws-vault "$@"
unset CLOUDFLARE_EMAIL CLOUDFLARE_TOKEN GITHUB_TOKEN
)
# Source: https://gist.github.com/bmhatfield/f613c10e360b4f27033761bbee4404fd
### Functions for setting and getting environment variables from the OSX keychain
### Adapted from https://www.netmeister.org/blog/keychain-passwords.html
# Use: keychain-environment-variable SECRET_ENV_VAR
function keychain-environment-variable () {
if [ -z "$1" ] ; then
echo "Missing environment variable name. Usage $FUNCNAME[0] <varname>"
return 1
fi
security find-generic-password -w -a ${USER} -D "environment variable" -s "${1}"
}
# Use: set-keychain-environment-variable SECRET_ENV_VAR
# provide: super_secret_key_abc123
function set-keychain-environment-variable () {
if [ -z "$1" ] ; then
echo "Missing environment variable name. Usage $FUNCNAME[0] <varname> [<silent>]"
return 1
fi
[ -n "$2" ] && SILENT="-s" || SILENT=""
# Note: if using bash, use `-p` to indicate a prompt string, rather than the leading `?`
read $SILENT -p "Enter Value for ${1}: " secret
( [ -n "$1" ] && [ -n "$secret" ] ) || return 1
security add-generic-password -U -a ${USER} -D "environment variable" -s "${1}" -w "${secret}"
unset secret
}
############################################################
## Pattern 1 - a binary that you're tweaking, and you don't want to constantly `source ~/.bashrc`
# 1. Wrap the binary in a function in ~/.bashrc
############################################################
## function aws-vault() {
## /usr/local/bin/aws-vault-wrapper "$@"
## }
# 2. Create /usr/local/bin/foo-wrapper
############################################################
## #!/usr/bin/env bash
## # Load the keychain environment variable helper functions
## source ~/bash.includes/keychain-environment-variables.sh
##
## # Start a subshell - this prevents the new environment variables from being
## # exposed if the wrapped program exits prematurely
## (
## export CLOUDFLARE_EMAIL=$(keychain-environment-variable CLOUDFLARE_EMAIL)
## export CLOUDFLARE_TOKEN=$(keychain-environment-variable CLOUDFLARE_TOKEN)
## export GITHUB_TOKEN=$(keychain-environment-variable GITHUB_TOKEN)
##
## /usr/local/bin/aws-vault "$@"
##
## # Unset environment variables - not really necessary because they go away when the subshell terminates
## unset CLOUDFLARE_EMAIL CLOUDFLARE_TOKEN GITHUB_TOKEN
## )
## # ^ end of subshell
##
以上是关于sh 将敏感环境变量存储在钥匙串中,根据每个应用程序有选择地设置它们。的主要内容,如果未能解决你的问题,请参考以下文章
如何根据每个用户存储应用内购买以供离线使用
在应用程序钥匙串中存储应用内购买收据
将设备标识符存储在 iOS 应用程序的钥匙串中是个好主意吗
钥匙串中存储的字符串是不是有长度限制?
如何在ios钥匙串中手动存储?
sh 将git密码短语添加到钥匙串中,这样就不会再次询问密码了