1Password CLI 的 Sh 插件。需要版本 2 的 1Password CLI,可从 https://1password.com/downloads/command-line/ 获取。
Sh 是一个从 Swift 程序运行命令行工具的工具。从 https://github.com/FullQueueDeveloper/Sh 了解更多关于 Sh 的信息。
从 1Password 获取密钥并将其上传到 Heroku 秘密配置变量。
import Sh1Password
import Sh
let op = OP()
// fetch key
let key = try op.get(item: "Server",
vault: "MyProjectVault",
section: "Signing Keys",
field: "JWT Signing Key")
// upload to heroku
let environment: [String: String] = [
"JWT_SIGNING_KEY": key
]
let cmd: String = #"heroku config:set JWT_SIGNING_KEY="$JWT_SIGNING_KEY""#
try sh(.terminal, cmd, enviroment: environment)
// swift-tools-version:5.6
import PackageDescription
let package = Package(
name: "Scripts",
platforms: [.macOS(.v12)],
dependencies: [
.package(url: "https://github.com/FullQueueDeveloper/Sh.git", from: "1.0.0"),
.package(url: "https://github.com/FullQueueDeveloper/Sh1Password.git", from: "0.1.1"),
],
targets: [
.executableTarget(
name: "heroku-env",
dependencies: [
"Sh", "Sh1Password",
]),
]
)
1Password 的 CLI 工具可以将密钥从 1Password 传递给脚本和命令。例如,op run --env-file tf.env -- terraform init,其中 tf.env 看起来像这样
AWS_ACCESS_KEY_ID="op://MyVault/Terraform/access-key"
AWS_SECRET_KEY="op://MyVault/Terraform/secret-key"
op:// 链接是对密钥的引用。op run 在一个子进程中运行 terraform init,并将密钥的实际值放在该子进程的环境中。
这是文档链接:https://developer.1password.com/docs/cli/reference/commands/run/