vitorpy's Dotfiles
# Secret Management with Keeper Commander

This setup integrates Keeper Password Manager with your dotfiles for secure secret management.

## Quick Setup

Run the setup script to install and configure Keeper Commander:

```bash
~/.local/share/chezmoi/scripts/setup-keeper-secrets.sh
```

## How It Works

1. **Fish Shell Integration**: The `~/.config/fish/secrets.fish` file automatically loads secrets from Keeper when you start a new shell session.

2. **Secrets Managed**:
   - `ANTHROPIC_API_KEY` - For AI assistant tools
   - `NPM_TOKEN` - For npm package management

3. **No Templates Required**: Unlike typical chezmoi templates, this uses plain Fish shell checks to load secrets dynamically.

## Configuration

After running the setup script, you need to:

1. **Find your Keeper record UIDs**:
   ```bash
   keeper list
   # Or for JSON output:
   keeper list --format=json | jq -r '.[] | {title, record_uid}'
   ```

2. **Update the UIDs in `secrets.fish`**:
   Edit `~/.config/fish/secrets.fish` and replace:
   - `ANTHROPIC_RECORD_UID` with your Anthropic API key record UID
   - `NPM_RECORD_UID` with your NPM token record UID

## Manual Fallback

If you prefer not to use Keeper, create a local secrets file:

```bash
# Create the file under a restrictive umask so it is never group- or world-readable
(
  umask 077
  cat > ~/.config/fish/secrets.local.fish << 'EOF'
set -gx ANTHROPIC_API_KEY "your-api-key-here"
set -gx NPM_TOKEN "your-npm-token-here"
EOF
)

# Tighten permissions in case the file already existed with a wider mode
chmod 600 ~/.config/fish/secrets.local.fish
```

## Security Notes

- Secrets are never committed to the repository
- Keeper Commander stores credentials encrypted locally
- The `secrets.fish` file only contains the logic, not actual secrets
- Local fallback files (`.local.fish`) should be in `.gitignore`

## Testing

To verify secrets are loaded correctly:

```bash
# Start a new fish shell
fish

# Check if secrets are loaded
# (this prints the secret values to the terminal and its scrollback)
echo $ANTHROPIC_API_KEY
echo $NPM_TOKEN
```
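
A non-leaking variant of these checks, added here as an example (not part of the original dotfiles): it reports each exported secret by length only and flags a fallback file that is accessible to group or others or tracked in the chezmoi repository. The function names and the `--run` flag are assumptions of this example; the paths and variable names are the ones used on this page.

```bash
#!/usr/bin/env bash
# Added example, not part of the original dotfiles. Function names and the
# --run flag are assumptions; paths and variable names come from this page.

# Report presence of an exported variable by length only; never print its value.
secret_status() (
    value=$(printenv "$1") || value=""
    if [ -n "$value" ]; then
        printf '%s: set (%d chars)\n' "$1" "${#value}"
    else
        printf '%s: MISSING\n' "$1"
        exit 1
    fi
)

# Succeed only if the file has no group/other permission bits (600, 400, ...).
owner_only() (
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || exit 2
    case "$mode" in
        0|*00) exit 0 ;;
        *)     exit 1 ;;
    esac
)

# Succeed only if git confirms that no *.local.fish file is tracked in repo $1.
no_tracked_local_secrets() (
    tracked=$(git -C "$1" ls-files -- '*.local.fish' 2>/dev/null) || exit 2
    [ -z "$tracked" ]
)

audit_secrets() (
    rc=0
    for name in ANTHROPIC_API_KEY NPM_TOKEN; do
        secret_status "$name" || rc=1
    done
    fallback="$HOME/.config/fish/secrets.local.fish"
    if [ -e "$fallback" ] && ! owner_only "$fallback"; then
        echo "WARN: $fallback is accessible to group/others (chmod 600)"; rc=1
    fi
    repo="$HOME/.local/share/chezmoi"
    if [ -d "$repo" ] && ! no_tracked_local_secrets "$repo"; then
        echo "WARN: $repo tracks a *.local.fish file, or git could not check"; rc=1
    fi
    exit "$rc"
)

if [ "${1:-}" = "--run" ]; then audit_secrets; fi
```

Run it with `--run` from inside the fish session: the variables are exported with `set -gx`, so the child process sees exactly what other tools launched from that shell would see.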

## Troubleshooting

- **Keeper not found**: Run the setup script
- **Not logged in**: Run `keeper login`
- **Record not found**: Check the UID with `keeper list`
- **Python errors**: Ensure Python 3 is installed