What do folks here do to avoid having plaintext credentials on disk? I try to use 1Password's plugins where I can. I find the SSH key (and got signing) experience flawless, but the cli experience (eg aws cli) pretty clunky - they often break, and they don't even have a gcp plugin last I checked.
I'm not a huge fan of 1Password, there have been way too many issues in the past with it. If you're on a Mac, I can highly recommend you to check out Secretive https://github.com/maxgoedjen/secretive
Love that feeling when you read through a repo and think, "Wow, this looks cool," and go to star it, and see that you already have, and clearly forgot about it
Anyway, thanks for sharing. It doesn't look like it handles cli auth though (aws, npm, etc. all leave tokens sitting in your home directory). What do you use for those?
`sops` combined with `age` is great! Benefit is that it doesn't tie you into 1Password's ecosystem
That looks interesting, but unless I'm missing it, it still leaves you with things like ~/.aws/credentials in plaintext on disk, doesn't it?
AWS allows you to set `credential_process` and have it point to a script that fetches your credential from wherever you like and print it to stdout.