Populate variable names from secret store, and easily clean them up.

secrets.sh

#!/bin/sh

# Loads and unloads secrets from pass into shell environment variables.
# Usage:
#   # Load secrets:
#   $ source secrets.sh
#
#   # Unload secrets
#   $ source secrets.sh unload
#
# SEC_var_prefix can be used to prefix each variable name with a specific string.
# For example, if SEC_var_prefix is set to "X_", each target variable would start
# with "X_".
#
# Secrets get listed at the end of the file, separated by a newline. Each line
# should consist of secret path and optionnally a target variable name, separated
# by spaces. If the target variable name is ommited, the secret name will be used.
# Empty lines are ignnored.
#
# Each variable that is loaded has its name printed to stdout.

SEC_var_prefix=""

# Iterate variable list
while read -r spath vname; do
    # Skip empty lines
    [ -z "${spath}" ] && continue
    # Skip comments
    [ "${spath:0:1}" = "#" ] && continue
    # If variable name was ommited, use secret name
    [ -z "${vname}" ] && vname=$(basename ${spath})

    var_name=${SEC_var_prefix}${vname}

    echo ${var_name}

    if [ -z "$1" ] || [ "$1" = "load" ]; then
        export ${var_name}=$(pass ${spath})
    elif [ "$1" = "unload" ]; then
        unset ${var_name}
    fi
done << EOF # Read till EOF, or actual end of file
### SECRETS FOLLOW

path/to/secret          MY_SECRET
path/to/ANOTHER_SECRET