By centrally managing confidential information in the local environment with 1Password, you can prevent the risk of disclosing API Keys, etc. to github.

Setup

The following two should be installed.

• 1Password CLI
• jq

Get AWS access information from 1Password

The following settings can be used to access AWS from your own programs as well as the AWS CLI.

1. Store access information in 1Password

2. Set credential_process in ~/.aws/config

[default]
credential_process = sh -c "op item get 'aws-credential-default' --format json --fields label=aws_access_key_id  --fields label=aws_secret_access_key | jq 'map({key: .label, value: .value}) | {Version: 1, AccessKeyId:.[0].value, SecretAccessKey:.[1].value}'"

Retrieve environment variables from 1Password

1. Save API Key in 1Password

2. Set environment variable from 1Password at program runtime

OPENAI_API_KEY=$(op item get OpenAI --fields label=api-key --format json | jq -r '.value') \
python gpt.py

See also

• Set AWS Secrets Manager values to environment variables in rust
• Using AWS Secrets Manager with Spring Boot
• How to receive mail in Amazon SES and save it in S3
• Client side verifiable Access token (Session ID) by JWT-RS512
• Safely store passwords with BCrypt