List of My Recent Technical Migrations
- Author: Teddy Xinyuan Chen
SecretOps: envchain -> Doppler & Infisical
I've been using envchain for years, which enabled 0 latency (no network calls involved) access to secrets stored in macOS Keychain, and grouping and injection of env vars on the command line.
Inspired by Homebrew's shellenv subcommand, I made the envchain-shellenv tool to batch inject shell env vars defined in a YAML config file. The secrets are fetched with envchain.
Before envchain, I also tried the famous UNIXy pass tool, which requires use of GPG. Syncing is straightforward, with Git or any syncing tool, like Syncthing or even Google Drive. Due to my love-hate relationship with GPG and reluctance to enter a long password every time I need to access it, I decided not to use it.
However, when switching to another Mac, although I was able to import the Login Keychain from the previous Mac as a new custom keychain, envchain stopped working with them. A macOS bug kept envchain stuck even though I had entered the password to unlock the keychain and clicked on "Always Allow".
So I picked up my old Doppler account again, importing everything saved via envchain to Doppler (I made a script for that using chainbreaker and the Doppler Python SDK).
It worked fine; my only complaints are:
- Latency, since no secrets are stored locally and have to be fetched over the wire.
- Closed source and free plan only gives you 10 projects.
I recalled reading about Infisical on HN before, when it was just getting started. Now it's a more established software and service, source-available and self-hostable.
The Infisical Python library seems only to be able to interact with secrets, not projects or other entities for now. I think I'll switch to Infisical once it can do that.
TOTP: Authy -> Ente Auth
I need my TOTP app to be
- Not the same app as the password manager
- Secure
- Community-supported or have a healthy and transparent business model
- Cross platform (including desktop, which is why I had to move away from Authy when it decided that users don't need to use a desktop TOTP app)
- Importing and exporting (Authy also decided that exporting secrets is harmful to users, as an excuse to lock in the poor long-time users.)
- Open source and free syncing are bonuses