It doesn't seem to be possible to create a pipenv shell and source vars from some executable in addition to .env. When I run pipenv shell I'd like it to automatically do something like source secrets.py or source secrets.sh to acquire env vars that are encrypted secrets. I am hoping to do that so I don't have to store a secret on disk (like in .env).
Not sure of any.
I'm interested in pulling some secrets from HashiCorp Vault / Ansible Vault and making them available as environment variables without them ever touching the disk. Even temporary existence on disk creates more opportunity than I'd like for an attacker to kill a process before it gets cleaned up.
+1, this is also something I would find useful and should be fairly trivial to implement.
I had a skim over the relevant code and might put a PR together.
A better approach would be to allow passing arbitrary arguments to the underlying shell when pipenv launches it. This would enable things like (assuming your shell is Bash; most shells have a similar mechanism):
pipenv shell -- --rcfile <(echo 'source ~/.bashrc; source secrets.sh')
which the user has complete control over.
This is well supported by pipenv shell -- --rcfile <(echo 'source ~/.bashrc; source secrets.sh'); the arguments passed to pipenv shell depend on what shell you are using.
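
The following is an added example, not part of the thread or of pipenv: one way to write the secrets.sh side so that values fetched from a secret store are quoted safely before the shell sources them. `fetch_secrets` and `emit_exports` are hypothetical names, and the sample values are constructed.

```shell
# Hypothetical stand-in for the command that prints KEY=VALUE lines from a
# secret store. The values are constructed samples; the second one contains
# a single quote and a command substitution to exercise the quoting.
fetch_secrets() {
    printf '%s\n' "DB_PASSWORD=s3cr3t with spaces" "API_TOKEN=it's\$(id)"
}

# Read KEY=VALUE lines on stdin and print safely quoted "export" lines.
# Lines without "=" or with a key that is not a valid shell identifier are
# skipped, and the function then returns 1.
emit_exports() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        case "$line" in
            *=*) ;;
            *) rc=1; continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        case "$key" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) rc=1; continue ;;
        esac
        # Single-quote the value; each embedded ' becomes '\'' so the shell
        # that sources the line never expands or executes anything in it.
        esc=$(printf '%s' "$val" | sed "s/'/'\\\\''/g")
        printf "export %s='%s'\n" "$key" "$esc"
    done
    return $rc
}

# Usage with the invocation from the thread (Bash process substitution):
#   pipenv shell -- --rcfile <(echo 'source ~/.bashrc'; fetch_secrets | emit_exports)
```

With Bash process substitution the rcfile argument is a /dev/fd path backed by a pipe, so the export lines are not written to a file on disk.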