Closed rayjlinden closed 2 months ago
What you're asking for is impossible. You want to install a secret on a machine without any interaction on that machine. That means that anyone else can run the same sequence of commands and obtain your secret.
You have to either share data privately (e.g. use a private dotfiles repo) or share some kind of secret interactively.
Personally, I use the 1Password CLI and accept that I have to interactively enter my account details on any new machine.
In your case you probably want to use GitHub Codespace's existing secrets support. Note that this uses a "share data privately" mechanism under the hood.
I ended up using the gh secrets in code spaces. So then I have a template that does the following: token: {{or (env "JIRA_API_TOKEN") (or (onepasswordRead "op://Work/Jira/JIRA_API_TOKEN") "no value set")}}
So it is set and as an environment variable (which I can set up for codes-aces it uses that). If that does not exist it will get the secret from one-password. (If that does't exist it will set it to "no value set".)
Seems to be working. So this work around may be fine...
What exactly are you trying to do?
I have chezmoi working fine and my Mac. a linux machine and Github codespaces. (So cool!) However, I have a dot file that contains a token that should not be in my dot files repo.
Ok - chezmoi has this cool integration with 1Password. Let me use that! It's working fine on my Mac. I'm not sure how to make this work in GitHub codespaces.
I know how to install the 1Password app and sign into it. No problem.... I had hoped I could just do this part in the install.sh file.
But dotfile are loaded in codespaces it requires the install.sh file be non-interactive. So how do I get this to work?
What have you tried so far?
Describe what you have tried so far.
Where else have you checked for solutions?
Output of any commands you've tried with
--verbose
flagOutput of
chezmoi doctor
Additional context
Add any other context about the problem here.