Setting flags with environment variables

To ease the use of the SecretHub CLI in a command line environment, it is possible to set most flags by setting a environment variable instead. The variable to set, is of the form SECRETHUB_COMMAND_FLAGNAME. For example, to always use symbols when executing secrethub generate rand, set SECRETHUB_RAND_SYMBOLS to 1.

For global flags, the command is left out. So for --config-dir the variable name becomes: SECRETHUB_CONFIG_DIR.

To check whether an environment variable is correctly recognized by the CLI, execute:

# Show all configured environment variables.
secrethub printenv

This will list all environment variables starting with SECRETHUB_. Typos happen to everyone, so the command will show incorrect variables starting with SECRETHUB_ as unrecognized. Also, the flag -v can be added to this command to list all supported variables:

# Show all possible environment variables and their status.
secrethub printenv -v

Setting environment variables in Linux and macOS

In Unix-like systems, environment variables can be set by using the export command:

# In a UNIX terminal
export SECRETHUB_COMMAND_FLAGNAME=<flag-value>

Setting environment variables in Windows

To set an environment variable in PowerShell, use the following command:

# In Windows PowerShell
$env:SECRETHUB_COMMAND_FLAGNAME=<flag-value>

In Command Prompt, the same result can be achieved by using the set command:

# In Windows Command Prompt
set SECRETHUB_COMMAND_FLAGNAME=<flag-value>

In both cases, the variables can also be set in the Windows Control Panel (Control Panel -> System -> Advanced System Settings -> Environment Variables...). This sets the environment variables permanently. Please be sure to restart Command Prompt/PowerShell after setting the variables here.

Caution: environment variables can be read by other processes running on the same machine. Be careful with setting SECRETHUB_CREDENTIAL or SECRETHUB_CREDENTIAL_PASSPHRASE (or any other sensitive variable) as a permanent environment variable, as it could compromise the security of your account credential file.