You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
zsh-env-secrets automatically retrieves secrets from secure storage backends and exports them as
environment variables during shell initialization. This eliminates the need to store sensitive
information in plain text configuration files.
Installation
Oh My Zsh
Clone the repository to your Oh My Zsh custom plugins directory:
Add the configuration to your .zshrc before the plugin loads:
# Define secrets to load
ENV_SECRETS=(
"DATABASE_URL""API_KEY:my-app/api-key""SECRET_TOKEN:tokens/secret"
)
# Optional: specify backend (auto-detected if omitted)
ENV_SECRETS_BACKEND="pass"# Optional: do not display any error messages
ENV_SECRETS_QUIET=1
ENV_SECRETS
Required. An array of secrets to load. Each entry can be in one of two formats:
ENV_VAR_NAME:secret_path - Maps environment variable to a specific secret path
ENV_VAR_NAME - Uses the same name for both environment variable and secret path
ENV_SECRETS_BACKEND
Optional. Explicitly specify which backend to use. If not set, the plugin will automatically
detect the first available backend from the supported list.
Supported values:
pass - The standard Unix password manager
security - macOS Keychain
ENV_SECRETS_QUIET
Optional. If set, no error messages will be displayed.
