From d411f346b4c05375e4a3d0bbcf48c2d84b1b2e72 Mon Sep 17 00:00:00 2001 From: Mitsuo Tokumori Date: Tue, 7 Jul 2026 05:36:07 +0900 Subject: Initial commit --- README | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 README (limited to 'README') diff --git a/README b/README new file mode 100644 index 0000000..f50f0b2 --- /dev/null +++ b/README @@ -0,0 +1,47 @@ +Bootstrap secrets management in a project. + +Problem: Secrets (e.g., passowrds, API keys) get accidentaly commited and are +leaked when a repository becomes public. + +Solution: + +secrets.sh.example defines variable names +secrets.sh defines secret values +run.sh sources secrets +.gitignore exclude secrets.sh + +Rationale +========= + +People are lazy. The less steps the better. So, `run.sh` should create +`secrets.sh` out of `secrets.sh.example`, and nd tell the user to modify it. + +This flow is simple and portable. No unreliable dependencies like: + +https://pypi.org/project/python-dotenv/ for the people that cannot use os.environ +https://www.npmjs.com/package/dotenv + +People often use these tools because they don't know shell scripting. Here's a +quick reminder + +```sh +foo=somevalue +./run # does not receive foo +foo=anothervalue ./run # passes foo only for ./run +export foo # mark variable for automatic export +export -n foo # remove export mark +unset foo # delete variable, alongside any marks + +set | grep foo # check local variables +env | grep foo # check variables marked for automatic export to the environment of subsequently executed commands + + +# shell built-ins +help export +help unset + +# external programs +man env + +# Shell built-ins take precedence over any external program with the same name. +``` -- cgit v1.2.3