feat: add env command for shell-consumable vault export#158
Merged
Conversation
Outputs vault field values as shell-safe KEY='value' lines, designed for eval $(enpass-cli env ...) workflows. Supports -field flag to select a specific field label (default: password) and -json for programmatic consumption. Claude-Session: https://claude.ai/code/session_01Lr7gquKQVPezfc8NvN39q8
Validate varName as a POSIX shell identifier to prevent injection via eval. Clear the default cardType filter in the -field path so non-password field labels (username, Access Key, etc.) are actually reachable. Output text pairs immediately instead of accumulating. Claude-Session: https://claude.ai/code/session_01Lr7gquKQVPezfc8NvN39q8
Owner
|
Thank you! |
wpfleger96
added a commit
to wpfleger96/shell-configs
that referenced
this pull request
Jun 22, 2026
Adds `enpass-cli` as a managed WSL package and a `load-tf-secrets` shell function for loading homelabconfigs Terraform secrets from an Enpass vault into the current shell session. `enpass-cli` is installed from upstream GitHub releases (`hazcod/enpass-cli`) via the `script` method — downloads the latest `linux_amd64` zip, extracts the binary, and places it in `~/.local/bin/enpass-cli`. Marked `wsl_only` since the Enpass vault lives on the Windows filesystem. - `load-tf-secrets` prompts for the master password once, exports `MASTERPW`, runs all 11 `enpass-cli -nonInteractive` invocations, then unsets it - Covers all 11 root-level `TF_VAR_*` secrets across homelab/Proxmox (5), AWS (1), GCP (4), and Cloudflare (1) stacks - `ENPASS_VAULT_PATH` exported as WSL default pointing at the primary vault directory - Depends on the `env` command merged in [hazcod/enpass-cli#158](hazcod/enpass-cli#158) (shipped in v1.12.0) https://claude.ai/code/session_01Lr7gquKQVPezfc8NvN39q8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds an
envsubcommand that outputs vault field values as shell-safeKEY='value'lines, designed foreval $(enpass-cli env ...)workflows.Usage
Summary
VARNAME=filterpair — the filter uses the same substring matching as existing commandsVARNAMEis validated as a POSIX shell identifier ([a-zA-Z_][a-zA-Z0-9_]*) to prevent injection when output iseval'd-fieldflag selects which field label to extract (default: password field)-fieldis set, the defaultcardTypefilter is cleared so non-password field types (username, email, custom fields) are reachable'escaped as'\''for safe shell eval-jsonfor programmatic consumption-fieldusesGetEntry()(same aspass), with-fieldusesGetAllFields()+ case-insensitive label matching{"KEY":"value"}objecthttps://claude.ai/code/session_01Lr7gquKQVPezfc8NvN39q8