Skip to main content

View / Edit on GitHub: home/dot_config/shell/private_private.sh.tmpl

Secrets

Seperate environment variables file that, when manually sourced, includes secret environment variables

Overview

This script can be invoked by running . ~/.config/shell/private.sh to include secret environment variables that are populated by Install Doctor during the provisioning process (if they are provided).

Source Code

{{- if (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) -}}
#!/usr/bin/env sh
# @file Secrets
# @brief Seperate environment variables file that, when manually sourced, includes secret environment variables
# @description
#     This script can be invoked by running `. ~/.config/shell/private.sh` to include secret environment variables
#     that are populated by Install Doctor during the provisioning process (if they are provided).

### Ansible
export ANSIBLE_GALAXY_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ANSIBLE_GALAXY_TOKEN")) }}{{ includeTemplate "secrets/ANSIBLE_GALAXY_TOKEN" | decrypt | trim }}{{ else }}{{ env "ANSIBLE_GALAXY_TOKEN" }}{{ end }}"
export ANSIBLE_VAULT_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ANSIBLE_VAULT_PASSWORD")) }}{{ includeTemplate "secrets/ANSIBLE_VAULT_PASSWORD" | decrypt | trim }}{{ else }}{{ env "ANSIBLE_VAULT_PASSWORD" }}{{ end }}"
export AVP="$ANSIBLE_VAULT_PASSWORD"

### Atuin
export ATUIN_EMAIL="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_EMAIL")) }}{{ includeTemplate "secrets/ATUIN_EMAIL" | decrypt | trim }}{{ else }}{{ env "ATUIN_EMAIL" }}{{ end }}"
export ATUIN_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_PASSWORD")) }}{{ includeTemplate "secrets/ATUIN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "ATUIN_PASSWORD" }}{{ end }}"
export ATUIN_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_USERNAME")) }}{{ includeTemplate "secrets/ATUIN_USERNAME" | decrypt | trim }}{{ else }}{{ env "ATUIN_USERNAME" }}{{ end }}"
export ATUIN_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_KEY")) }}{{ includeTemplate "secrets/ATUIN_KEY" | decrypt | trim }}{{ else }}{{ env "ATUIN_KEY" }}{{ end }}"

### AWS
export AWS_ACCESS_KEY_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "AWS_ACCESS_KEY_ID")) }}{{ includeTemplate "secrets/AWS_ACCESS_KEY_ID" | decrypt | trim }}{{ else }}{{ env "AWS_ACCESS_KEY_ID" }}{{ end }}"
export AWS_SECRET_ACCESS_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "AWS_SECRET_ACCESS_KEY")) }}{{ includeTemplate "secrets/AWS_SECRET_ACCESS_KEY" | decrypt | trim }}{{ else }}{{ env "AWS_SECRET_ACCESS_KEY" }}{{ end }}"
export AWS_DEFAULT_REGION="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "AWS_DEFAULT_REGION")) }}{{ includeTemplate "secrets/AWS_DEFAULT_REGION" | decrypt | trim }}{{ else }}{{ env "AWS_DEFAULT_REGION" }}{{ end }}"

### Google Cloud SDK
export CLOUDSDK_CORE_PROJECT="{{ .user.gcloud.coreProject }}"
export GCE_SERVICE_ACCOUNT_EMAIL="{{ .user.gcloud.email }}"
export GCE_CREDENTIALS_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/gcloud/gcp.json"

### CloudFlare
# Source: https://github.com/cloudflare/cf-terraforming
export CLOUDFLARE_API_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_API_TOKEN")) }}{{ includeTemplate "secrets/CLOUDFLARE_API_TOKEN" | decrypt | trim }}{{ else }}{{ env "CLOUDFLARE_API_TOKEN" }}{{ end }}"
# If using API Key
# export CLOUDFLARE_EMAIL='[email protected]'
# export CLOUDFLARE_API_KEY='1150bed3f45247b99f7db9696fffa17cbx9'
# Specify zone ID
# export CLOUDFLARE_ZONE_ID='81b06ss3228f488fh84e5e993c2dc17'
export LEXICON_CLOUDFLARE_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_API_TOKEN")) }}{{ includeTemplate "secrets/CLOUDFLARE_API_TOKEN" | decrypt | trim }}{{ else }}{{ env "CLOUDFLARE_API_TOKEN" }}{{ end }}"
export LEXICON_CLOUDFLARE_ZONE="{{ .host.domain }}"

### DockerHub
export DOCKERHUB_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DOCKERHUB_TOKEN")) }}{{ includeTemplate "secrets/DOCKERHUB_TOKEN" | decrypt | trim }}{{ else }}{{ env "DOCKERHUB_TOKEN" }}{{ end }}"
export DOCKERHUB_REGISTRY_PASSWORD="$DOCKERHUB_TOKEN"

### Elevenlabs
export ELEVENLABS_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ELEVENLABS_API_KEY")) }}{{ includeTemplate "secrets/ELEVENLABS_API_KEY" | decrypt | trim }}{{ else }}{{ env "ELEVENLABS_API_KEY" }}{{ end }}"

### Fig
export FIG_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "FIG_TOKEN")) }}{{ includeTemplate "secrets/FIG_TOKEN" | decrypt | trim }}{{ else }}{{ env "FIG_TOKEN" }}{{ end }}"

### GitHub
export GH_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITHUB_TOKEN")) }}{{ includeTemplate "secrets/GITHUB_TOKEN" | decrypt | trim }}{{ else }}{{ env "GITHUB_TOKEN" }}{{ end }}"
export GITHUB_TOKEN="$GH_TOKEN"

### GitLab
export GL_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_TOKEN")) }}{{ includeTemplate "secrets/GITLAB_TOKEN" | decrypt | trim }}{{ else }}{{ env "GITLAB_TOKEN" }}{{ end }}"
export GITLAB_TOKEN="$GL_TOKEN"
export GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN" | decrypt }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN" }}{{ end }}"

### Heroku
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt | trim }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"

### Hishtory
export HISHTORY_USER_SECRET="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HISHTORY_USER_SECRET")) }}{{ includeTemplate "secrets/HISHTORY_USER_SECRET" | decrypt | trim }}{{ else }}{{ env "HISHTORY_USER_SECRET" }}{{ end }}"

### Install Doctor
# TODO: Replace HEADLESS_INSTALL with {{ .host.headless }} data source once headless install detection is implemented
# export HEADLESS_INSTALL={{ .host.headless }}
export FIREFOX_PUBLIC_PROFILE="{{ .firefoxPublicProfile }}"
export FULL_NAME="{{ .user.name }}"
export HEADLESS_INSTALL=true
export HOST="{{ .host.hostname }}"
export KEYID="{{ .user.gpg.id }}"
export PRIMARY_EMAIL="{{ .user.email }}"
export PUBLIC_SERVICES_DOMAIN="{{ .host.domain }}"
export RESTRICTED_ENVIRONMENT={{ .host.restricted }}
export SOFTWARE_GROUP="{{ .host.softwareGroup }}"
export USER_USERNAME="{{ .user.username }}"
export WORK_ENVIRONMENT={{ .host.work }}

# Set to work environment if Cisco applications are installed (modify this to your liking)
if [ -d /Applications/Cisco ]; then
    export WORK_ENVIRONMENT=true
fi

### JuiceFS
export JFS_RSA_PASSPHRASE="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JFS_RSA_PASSPHRASE")) }}{{ includeTemplate "secrets/JFS_RSA_PASSPHRASE" | decrypt | trim }}{{ else }}{{ env "JFS_RSA_PASSPHRASE" }}{{ end }}"

### Megabyte Labs
export FULLY_AUTOMATED_TASKS=true

### Minio
export MINIO_ROOT_USER="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "MINIO_ROOT_USER")) }}{{ includeTemplate "secrets/MINIO_ROOT_USER" | decrypt | trim }}{{ else }}{{ env "MINIO_ROOT_USER" }}{{ end }}"
export MINIO_ROOT_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "MINIO_ROOT_PASSWORD")) }}{{ includeTemplate "secrets/MINIO_ROOT_PASSWORD" | decrypt | trim }}{{ else }}{{ env "MINIO_ROOT_PASSWORD" }}{{ end }}"

### NPM
export NPM_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NPM_TOKEN")) }}{{ includeTemplate "secrets/NPM_TOKEN" | decrypt | trim }}{{ else }}{{ env "NPM_TOKEN" }}{{ end }}"

### OpenAI
export OPENAI_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "OPENAI_API_KEY")) }}{{ includeTemplate "secrets/OPENAI_API_KEY" | decrypt | trim }}{{ else }}{{ env "OPENAI_API_KEY" }}{{ end }}"
### OpenCommit
export OCO_OPENAI_API_KEY="$OPENAI_API_KEY"

### Pexels
export PEXELS_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PEXELS_API_KEY")) }}{{ includeTemplate "secrets/PEXELS_API_KEY" | decrypt | trim }}{{ else }}{{ env "PEXELS_API_KEY" }}{{ end }}"

### PyPi
export PYPI_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PYPI_TOKEN")) }}{{ includeTemplate "secrets/PYPI_TOKEN" | decrypt | trim }}{{ else }}{{ env "PYPI_TOKEN" }}{{ end }}"

### Replicate
export REPLICATE_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "REPLICATE_API_KEY")) }}{{ includeTemplate "secrets/REPLICATE_API_KEY" | decrypt | trim }}{{ else }}{{ env "REPLICATE_API_KEY" }}{{ end }}"

### Search GPT
# Also relies on `OPENAI_API_KEY`
export GOOGLE_SEARCH_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_API_KEY")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_API_KEY" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_API_KEY" }}{{ end }}"
export GOOGLE_SEARCH_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_ID")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_ID" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_ID" }}{{ end }}"

### SendGrid API Key
export SENDGRID_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) }}{{ includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim }}{{ else }}{{ env "SENDGRID_API_KEY" }}{{ end }}"

### Serper.dev
export SERP_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SERP_API_KEY")) }}{{ includeTemplate "secrets/SERP_API_KEY" | decrypt | trim }}{{ else }}{{ env "SERP_API_KEY" }}{{ end }}"

### SFTPGo
export SFTPGO_DEFAULT_ADMIN_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SFTPGO_DEFAULT_ADMIN_PASSWORD")) }}{{ includeTemplate "secrets/SFTPGO_DEFAULT_ADMIN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "SFTPGO_DEFAULT_ADMIN_PASSWORD" }}{{ end }}"
export SFTPGO_DEFAULT_ADMIN_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SFTPGO_DEFAULT_ADMIN_USERNAME")) }}{{ includeTemplate "secrets/SFTPGO_DEFAULT_ADMIN_USERNAME" | decrypt | trim }}{{ else }}{{ env "SFTPGO_DEFAULT_ADMIN_USERNAME" }}{{ end }}"

### Snapcraft
export SNAPCRAFT_EMAIL="{{ .user.snapcraft.username }}"
export SNAPCRAFT_MACAROON="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_MACAROON")) }}{{ includeTemplate "secrets/SNAPCRAFT_MACAROON" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_MACAROON" }}{{ end }}"
export SNAPCRAFT_UNBOUND_DISCHARGE="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_UNBOUND_DISCHARGE")) }}{{ includeTemplate "secrets/SNAPCRAFT_UNBOUND_DISCHARGE" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_UNBOUND_DISCHARGE" }}{{ end }}"

### Surge.sh
export SURGE_LOGIN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SURGE_LOGIN")) }}{{ includeTemplate "secrets/SURGE_LOGIN" | decrypt | trim }}{{ else }}{{ env "SURGE_LOGIN" }}{{ end }}"
export SURGE_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SURGE_TOKEN")) }}{{ includeTemplate "secrets/SURGE_TOKEN" | decrypt | trim }}{{ else }}{{ env "SURGE_TOKEN" }}{{ end }}"

### Tailscale
export TAILSCALE_AUTH_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "TAILSCALE_AUTH_KEY")) }}{{ includeTemplate "secrets/TAILSCALE_AUTH_KEY" | decrypt | trim }}{{ else }}{{ env "TAILSCALE_AUTH_KEY" }}{{ end }}"

### Vagrant Cloud
export VAGRANT_CLOUD_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VAGRANT_CLOUD_TOKEN")) }}{{ includeTemplate "secrets/VAGRANT_CLOUD_TOKEN" | decrypt | trim }}{{ else }}{{ env "VAGRANT_CLOUD_TOKEN" }}{{ end }}"

### VMWare
export VMWARE_WORKSTATION_LICENSE_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VMWARE_WORKSTATION_LICENSE_KEY")) }}{{ includeTemplate "secrets/VMWARE_WORKSTATION_LICENSE_KEY" | decrypt | trim }}{{ else }}{{ default "4C21U-2KK9Q-M8130-4V2QH-CF810" (env "VMWARE_WORKSTATION_LICENSE_KEY") }}{{ end }}"

### WebDAV
export WEBDAV_USER="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "WEBDAV_USER")) }}{{ includeTemplate "secrets/WEBDAV_USER" | decrypt | trim }}{{ else }}{{ env "WEBDAV_USER" }}{{ end }}"
export WEBDAV_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "WEBDAV_PASSWORD")) }}{{ includeTemplate "secrets/WEBDAV_PASSWORD" | decrypt | trim }}{{ else }}{{ env "WEBDAV_PASSWORD" }}{{ end }}"

### Xcodes
# Apple ID username and password
export XCODES_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "APPLE_USERNAME")) }}{{ includeTemplate "secrets/APPLE_USERNAME" | decrypt | trim }}{{ else }}{{ env "APPLE_USERNAME" }}{{ end }}"
export XCODES_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "APPLE_PASSWORD")) }}{{ includeTemplate "secrets/APPLE_PASSWORD" | decrypt | trim }}{{ else }}{{ env "APPLE_PASSWORD" }}{{ end }}"

{{ end -}}

Contents

Edit this page