Re: Secrets in org-babel
Felix Dorner writes: > New org user, fascinated by org-babel, but stumbled over something I have > no good solution for: I have mostly shell blocks, and very often have to > retrieve secrets from aws secretsmanager before I can do anything useful, > e.g. query a database in several places. What I've been doing is to put the > secret retrieval into a named block and can then inject the secret into > other blocks with a parameter that calls that block. But then, the secret > value is also echoed to the messages buffer, which I'd like to avoid? I'd > also like to avoid repeating the secrets-retrieval code all over the place. > Thanks for any tips. :results none or :results silent will not echo the output. Also, you may find https://www.kpassa.me/posts/literate2/ useful. Finally, you may put your named secret block inside encrypted heading via org-crypt (https://orgmode.org/manual/Org-Crypt.html#Org-Crypt). -- Ihor Radchenko, Org mode contributor, Learn more about Org mode at https://orgmode.org/. Support Org development at https://liberapay.com/org-mode, or support my work at https://liberapay.com/yantar92
Re: Secrets in org-babel
Felix, my setup is probably too complicated. and, i don't really know what "aws secretsmanager" is, or how you interact with it. but, in case this helps... i put ("long-term") secrets in pass https://www.passwordstore.org/ for "programmatic access" (in particular, for passwords needed by e-mail sending and retrieving programs), avoiding having to enter my password every ten minutes (or so), i wrote something called credeface/credepass https://gitlab.com/minshall/credeface which uses git's (!) credential cache for this service https://git-scm.com/docs/git-credential in your case, you might just use `credeface` to first store, then later retrieve, whatever secrets you get from "aws secretsmanager". occasionally (`--timeout`), you should be asked by `credeface` to refresh that value. bash archlinux (master): {1315} credeface --username ipsilon --host example.com store this is that bash archlinux (master): {1316} credeface --username ipsilon --host example.com get cannot display secrets on the terminal bash archlinux (master): {1317} credeface --username ipsilon --host example.com get | cat this is that cheers, Greg
Secrets in org-babel
New org user, fascinated by org-babel, but stumbled over something I have no good solution for: I have mostly shell blocks, and very often have to retrieve secrets from aws secretsmanager before I can do anything useful, e.g. query a database in several places. What I've been doing is to put the secret retrieval into a named block and can then inject the secret into other blocks with a parameter that calls that block. But then, the secret value is also echoed to the messages buffer, which I'd like to avoid? I'd also like to avoid repeating the secrets-retrieval code all over the place. Thanks for any tips. Felix -- Linux. The choice of a GNU generation.