lade 0.3.0

Automatically load secrets from your preferred vault as environment variables, and clear them once your shell command is over.
lade-0.3.0 is not a library.

Lade

Lade started as a way to load secrets into Metatype. This repository contains an extension supporting popular shells and allow users to load secrets from their preferred vault into environment variables in a breeze.

Demo

Getting started

You can download the binary executable from releases page on Github, make it executable and add it to your $PATH or use eget to automate those steps.

eget zifeo/lade --to $HOME/.local/bin

# via cargo
cargo install lade --locked
cargo install --git https://github.com/zifeo/lade --locked

# upgrade
lade self upgrade

Compatible shells: Fish, Bash, Zsh

Compatible vaults: Infisical, 1Password CLI, Doppler

Usage

Lade will run before and after any command you run in your shell. On each run, it will recursively look for lade.yml files in the current directory and its parents. It will then load any secrets matching the command you are running using a regex.

eval "$(lade on)"

cd examples/terraform
terraform apply
# example = "hello world"

eval "$(lade off)"

Note: most of the vault loaders use the corresponding native CLI to operate. This means you must have them installed locally and your login/credentials must be valid. Lade may evolve by integrating directly with the corresponding API and is left as future work.

See lade.yml or the examples folders for other uses cases.

Infisical loader

command regex:
    EXPORTED_ENV_VAR: infisical://DOMAIN/PROJECT_NAME/ENV_NAME/SECRET_NAME

Frequent domain(s): app.infisical.com.

Note: the /api is automatically added to the DOMAIN. This source currently only support a single domain (you cannot be logged into multiple ones).

1Password loader

command regex:
    EXPORTED_ENV_VAR: op://DOMAIN/VAULT_NAME/SECRET_NAME/FIELD_NAME

Frequent domain(s): my.1password.eu, my.1password.com or my.1password.ca.

Doppler loader

command regex:
    EXPORTED_ENV_VAR: doppler://DOMAIN/PROJECT_NAME/ENV_NAME/SECRET_NAME

Frequent domain(s): api.doppler.com.

Raw loader

command regex:
    EXPORTED_ENV_VAR: "value"

Development

eval "$(cargo run -- on)"
echo a $A1 $A2 $B1 $B2 $B3 $C1 $C2 $C3
cargo run -- -vvv set echo a
eval "$(cargo run -- off)"