From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id KKJ8DpSFWl/HGwAA0tVLHw (envelope-from ) for ; Thu, 10 Sep 2020 19:59:16 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id zwU9CpSFWl8WeAAAbx9fmQ (envelope-from ) for ; Thu, 10 Sep 2020 19:59:16 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D3FC79400C7 for ; Thu, 10 Sep 2020 19:59:15 +0000 (UTC) Received: from localhost ([::1]:44362 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGSiv-0005SD-TS for larch@yhetil.org; Thu, 10 Sep 2020 15:59:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55476) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGSfR-0007ce-GN for emacs-orgmode@gnu.org; Thu, 10 Sep 2020 15:55:37 -0400 Received: from smtp-out-6.univ-rouen.fr ([193.52.152.101]:58903 helo=mailhoc.univ-rouen.fr) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGSfP-0001Pj-2y for emacs-orgmode@gnu.org; Thu, 10 Sep 2020 15:55:37 -0400 Received: from ired-15-19c0.home (lfbn-rou-1-553-197.w90-70.abo.wanadoo.fr [90.70.25.197]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailhoc.univ-rouen.fr (Postfix) with ESMTPSA id 79BF81E43 for ; Thu, 10 Sep 2020 21:55:29 +0200 (CEST) Message-ID: <78ce8771b0de8a51d69a8ad87d63c8288546c929.camel@univ-rouen.fr> Subject: How to replace secrets during org-babel tangle/export without loosing the reproductibility of original script ? From: rey-coyrehourcq To: emacs-orgmode@gnu.org Date: Thu, 10 Sep 2020 21:55:28 +0200 Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.1-2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=193.52.152.101; envelope-from=sebastien.rey-coyrehourcq@univ-rouen.fr; helo=mailhoc.univ-rouen.fr X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/10 15:55:29 X-ACL-Warn: Detected OS = Linux 3.1-3.10 [fuzzy] X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of emacs-orgmode-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=emacs-orgmode-bounces@gnu.org X-Spam-Score: 1.49 X-TUID: q7AR8i7yhttU Hi there, First thanks again guys for all the works you doing on org-mode ! I'm searching a way or an example of workflow for such a thing i consider as a common pattern for reproductibility (reproductible papers in science for example). For example, i'm starting writing a blog post with org-mode and org-babel to deploy, for example, a nixOS system on a VPS. I wrote some bash scripts and a configuration.nix for nixOS which contains my gpg key, my vps password, and so on... When everything works right, i'm ready to publish my full working tutorial on web. BUT as you imagine, i don't want to share secrets/password ... - A first solution was to replace password by some "foo-bar" things, but doing that i lost all the reproductibility of this script in the future ... so this is silly. - A second solution, i suppose, was to dynamically choose if i want to replace or not password/secrets/etc by "foo-bar" things during tangle/export of the script. Because i'm not an expert in org-babel headers (so much possibilities ...), if you have some ready to go template/script to do that into org-babel, i'm interested ! Best ! -- Sébastien Rey-Coyrehourcq Research Engineer UMR IDEES 02.35.14.69.30 {Stronger security for your email, follow EFF tutorial : https://ssd.eff.org/}