I’m working with a repository that requires a secret to be available as a bash environment variable. I’m currently using Agenix to manage my NixOS secrets, but I’m unsure about the best practice for exposing an Agenix secret as an environment variable.
Is there a recommended approach for this?
Not sure if this is the best way to do it, but I exposed them in my shell’s (zsh in my case) `sessionVariables` setting like:

```nix
{
  config,
  agenix,
  ...
}: {
  imports = [
    agenix.homeManagerModules.default
  ];

  age.secrets = {
    groq-api-key.file = ../../../secrets/groq-api-key.age;
  };

  programs.zsh.sessionVariables = {
    GROQ_API_KEY = "$(cat ${config.age.secrets.groq-api-key.path})";
  };
}
```
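Added example, not from either poster: `sessionVariables` exports the key to every process started from the shell, so this sketch shows a wrapper that reads the decrypted secret file and sets the variable for a single command only. The function name `with_secret_env` is hypothetical, and it assumes FILE is the path that `config.age.secrets.<name>.path` resolves to.

```shell
# Added example (hypothetical helper, not from the posts above).
# Runs one command with VAR set from a secret file, without exporting
# the value into the interactive shell.
# usage: with_secret_env VAR FILE CMD [ARGS...]
with_secret_env() (
    # The body runs in a subshell, so nothing below leaks into the caller.
    if [ "$#" -lt 3 ]; then
        echo "usage: with_secret_env VAR FILE CMD [ARGS...]" >&2
        exit 2
    fi
    var=$1
    file=$2
    shift 2

    # Accept only a valid shell variable name.
    case $var in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
            echo "with_secret_env: invalid variable name" >&2
            exit 2 ;;
    esac

    if [ ! -r "$file" ]; then
        echo "with_secret_env: cannot read $file" >&2
        exit 1
    fi

    # Refuse a secret file that group or others can access.
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -lLd -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "with_secret_env: $file is accessible to group/others" >&2
        exit 1
    fi

    # Command substitution strips the file's trailing newline.
    value=$(cat < "$file") || exit 1
    if [ -z "$value" ]; then
        echo "with_secret_env: $file is empty" >&2
        exit 1
    fi

    # export is a builtin, so the value never appears in any argv.
    export "$var=$value"
    exec "$@"
)
```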