Using Bitwarden to Populate Local Environment Variables

Developers often have sensitive environment variables that they need to populate on their development machine. This might include GitHub Personal Access Tokens and AWS access keys. One way to achieve this is to store these environment variables in your local ~/.bashrc or ~/.zshrc.

Best practices suggest that you never leave your machine unlocked when you’re away from it and you always have full-disk encryption enabled (FileVault on OS X).

Keeping sensitive credentials off of your machine altogether gives you another layer of protection.

At the same time, I want to load these sensitive environment variables easily.

To do this, I use Bitwarden’s CLI. This pattern can be done with similar products that have a CLI, like 1Password. You can walk through a demo of that here.

Let’s take a look at the end result.

[Image: bw-env]

To make this all work, there are only a few steps for zsh (you can extend the example to other shells if desired):

  1. Install the Bitwarden CLI
  2. Copy the bw-env script into place
  3. Tell zsh to load in bw-env automatically
  4. Reload your shell

The code, full instructions, and examples are available at https://github.com/FulcrumOps/bw-env.
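
The pattern behind the steps above, as an added example that is not the bw-env script from the repository. It assumes the variables live in a Bitwarden secure note, one NAME=value pair per line; the function names bw_load_env and bw_export_lines and that note layout are hypothetical.

```shell
# Added example, not the bw-env script. Source it from ~/.zshrc (or ~/.bashrc).
# Assumed layout: a Bitwarden secure note with one NAME=value pair per line.

# Export NAME=value lines from stdin into the current shell and print the
# names that were set. Values are assigned literally, never eval'd, so text
# stored in the note cannot execute as shell code.
bw_export_lines() {
  local line name value
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;                 # blank line or comment
      *=*) ;;                              # looks like an assignment
      *) continue ;;
    esac
    name=${line%%=*}                       # text before the first '='
    value=${line#*=}                       # everything after the first '='
    case "$name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "bw_export_lines: skipping invalid variable name" >&2
        continue ;;
    esac
    export "$name=$value"
    printf '%s\n' "$name"
  done
}

# Unlock the vault if this shell has no session yet, then load one note.
bw_load_env() {
  local notes
  [ -n "${1:-}" ] || { echo "usage: bw_load_env <note-name>" >&2; return 2; }
  if [ -z "${BW_SESSION:-}" ]; then
    BW_SESSION=$(bw unlock --raw) || return 1   # prompts for master password
    export BW_SESSION
  fi
  notes=$(bw get notes "$1") || return 1
  # Here-document rather than a pipe: a pipe would run the exports in a subshell.
  bw_export_lines <<EOF
$notes
EOF
}
```

Call it as `bw_load_env dev-env`, where dev-env is a made-up note name. The secrets then exist only in that shell's environment; run `bw lock` and `unset BW_SESSION` when you are done.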