emacs-orgmode@gnu.org archives
* Secrets in org-babel
@ 2022-09-05 18:25 Felix Dorner
  2022-09-05 19:11 ` Greg Minshall
  2022-09-06 13:19 ` Ihor Radchenko
  0 siblings, 2 replies; 3+ messages in thread
From: Felix Dorner @ 2022-09-05 18:25 UTC
  To: emacs-orgmode


New org user, fascinated by org-babel, but stumbled over something I have
no good solution for: I have mostly shell blocks, and very often have to
retrieve secrets from aws secretsmanager before I can do anything useful,
e.g. query a database in several places. What I've been doing is to put the
secret retrieval into a named block and can then inject the secret into
other blocks with a parameter that calls that block. But then, the secret
value is also echoed to the messages buffer, which I'd like to avoid? I'd
also like to avoid repeating the secrets-retrieval code all over the place.
Thanks for any tips.

Felix



-- 
Linux. The choice of a GNU generation.



* Re: Secrets in org-babel
From: Greg Minshall @ 2022-09-05 19:11 UTC
  To: Felix Dorner; +Cc: emacs-orgmode

Felix,

my setup is probably too complicated.  and, i don't really know what
"aws secretsmanager" is, or how you interact with it.  but, in case this
helps...

i put ("long-term") secrets in pass
----
https://www.passwordstore.org/
----

for "programmatic access" (in particular, for passwords needed by e-mail
sending and retrieving programs), avoiding having to enter my password
every ten minutes (or so), i wrote something called credeface/credepass
----
https://gitlab.com/minshall/credeface
----
which uses git's (!) credential cache for this service
----
https://git-scm.com/docs/git-credential
----

in your case, you might just use `credeface` to first store, then later
retrieve, whatever secrets you get from "aws secretsmanager".
occasionally (`--timeout`), you should be asked by `credeface` to
refresh that value.

----
bash archlinux (master): {1315} credeface --username ipsilon --host example.com store
this is that
bash archlinux (master): {1316} credeface --username ipsilon --host example.com get
cannot display secrets on the terminal
bash archlinux (master): {1317} credeface --username ipsilon --host example.com get | cat
this is that
----

cheers, Greg
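
The git credential cache that Greg's message points to can also be driven directly from a shell. The sketch below is an added example, not part of the original message and not credeface's code; the function names, the `CRED_SOCK` variable and the sample host/username labels are assumptions. It reads the secret from stdin and refuses to print it to a terminal, as in the transcript above.

```shell
#!/bin/sh
# Added example: keep a secret in git's in-memory credential cache.
# Function names, CRED_SOCK and the host/username labels are assumptions.

# The helper's socket lives in a private directory (mktemp -d creates it
# 0700); the cache daemon refuses directories with looser permissions.
CRED_SOCK="${CRED_SOCK:-$(mktemp -d)/socket}"

# secret_store HOST USER [TIMEOUT_SECONDS]
# Reads the secret from stdin, so it never shows up in argv or shell
# history; printf is a builtin in bash and dash, so no process gets it
# as an argument either.
secret_store() {
    IFS= read -r _secret || [ -n "$_secret" ] || return 1
    printf 'protocol=https\nhost=%s\nusername=%s\npassword=%s\n\n' \
        "$1" "$2" "$_secret" |
        git credential-cache --socket="$CRED_SOCK" \
            --timeout="${3:-900}" store
    _rc=$?
    unset _secret
    return "$_rc"
}

# secret_get HOST USER
# Prints the cached secret, but only into a pipe, file or substitution.
secret_get() {
    if [ -t 1 ]; then
        echo "cannot display secrets on the terminal" >&2
        return 2
    fi
    _out=$(printf 'protocol=https\nhost=%s\nusername=%s\n\n' "$1" "$2" |
        git credential-cache --socket="$CRED_SOCK" get |
        sed -n 's/^password=//p')
    # Empty output means expired or never stored: fetch it again.
    [ -n "$_out" ] || return 1
    printf '%s\n' "$_out"
    unset _out
}

# secret_forget: stop the cache daemon, dropping everything it holds.
secret_forget() {
    git credential-cache --socket="$CRED_SOCK" exit
}
```

A first block would pipe the freshly retrieved value into `secret_store`; later blocks call `secret_get` in a pipe or command substitution until the timeout expires, after which the value has to be retrieved again.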



* Re: Secrets in org-babel
From: Ihor Radchenko @ 2022-09-06 13:19 UTC
  To: Felix Dorner; +Cc: emacs-orgmode

Felix Dorner <felix.dorner@gmail.com> writes:

> New org user, fascinated by org-babel, but stumbled over something I have
> no good solution for: I have mostly shell blocks, and very often have to
> retrieve secrets from aws secretsmanager before I can do anything useful,
> e.g. query a database in several places. What I've been doing is to put the
> secret retrieval into a named block and can then inject the secret into
> other blocks with a parameter that calls that block. But then, the secret
> value is also echoed to the messages buffer, which I'd like to avoid? I'd
> also like to avoid repeating the secrets-retrieval code all over the place.
> Thanks for any tips.

:results none or :results silent will not echo the output.
Also, you may find https://www.kpassa.me/posts/literate2/ useful.
Finally, you may put your named secret block inside an encrypted heading
via org-crypt (https://orgmode.org/manual/Org-Crypt.html#Org-Crypt).

-- 
Ihor Radchenko,
Org mode contributor,
Learn more about Org mode at https://orgmode.org/.
Support Org development at https://liberapay.com/org-mode,
or support my work at https://liberapay.com/yantar92


