senv

command module

v0.7.0 Latest Latest Go to latest Published: Feb 23, 2021 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/spectralops/senv

Links

Open Source Insights

README ¶

senv - safer `env`

Friends don't let friends leak secrets in terminal windows.

📺 Print your environment to the terminal without worry, even in recorded Zoom sessions
🙈 Execute commands and block snooping your secrets
💻 Start an interactive shell with non-sensitive environment variables
🐳 Use senv with Docker to ensure nothing inside the container is snooping around
#⃣ Copy senv to /usr/bin and use /usr/bin/senv in your shebang lines to ensure no secret leaks

Quick Start

You can install senv with homebrew:

$ brew tap spectralops/tap && brew install senv

Print env

Use it just like env. Now you can print your environment in Zoom sessions 😄

$ senv

Execute command

Using senv before your command ensures no environment variable you don't want will be transferred to the binary that will run:

$ senv my-binary --myopts todo.txt

A more secure shebang

Place senv in /usr/bin/senv, and now you run safe, like so:

#!/usr/bin/senv node

console.log("hello, world")

Options

$ senv --help
Arguments:
  [<cmd> ...]    Command to execute

Flags:
  -h, --help      Show context-sensitive help.
      --info      Show information
      --create    Create global config
      --config    Path to config file

The redaction list

Redactions are simply names of sensitive keys, or regular expressions of keys. Any of these is good:

GITHUB_TOKEN
.*_TOKEN

You can can submit a pull request if this is a popular key, or add to your own global configuration if you like to do things in a different but specific way.

Adding your own redactions

You can easily make your own custom redaction list. Create it:

$ senv --create
Wrote config to ~/.senv.yaml

Now you can add to your .senv.yaml:

# ~/.senv.yaml

redact:
- MY_SECRET_TOKEN

MY_SECRET_TOKEN will now be removed from the environment, in addition to the set of redaction senv already performs. If you like to start from scratch and redact only your own list:

# ~/.senv.yaml

no_defaults: true
redact:
- MY_SECRET_TOKEN

Use as a library

You can use senv as a library in the following way:

import (
	"github.com/spectralops/senv/pkg"
)
senv := pkg.Senv{
  Cmd: []string{ "my-cmd", "arg1" }
}
senv.Init()
senv.Clean() // from this point your env is clean

// you can also use:
// senv.Print()
// senv.Exec()