8

I am trying to persist keys fetched from key vault as environment variables for a given user on a Linux server. The script does not work. I am not even able to see if the variable was set temporarily in the shell.

This is my script.

#!/usr/bin/env bash
KEY_VAULT=$1

function fetch_secret_from_keyvault() {
    local SECRET_NAME=$1

    az keyvault secret show --vault-name "${KEY_VAULT}" --name "${SECRET_NAME}" --query "value"
}

function store_secret_from_keyvault() {
    local SECRET_VAR=$1
    local SECRET_NAME=$2

    local SECRET_VALUE=`fetch_secret_from_keyvault "${SECRET_NAME}"`
    store_secret "${SECRET_VAR}" "${SECRET_VALUE}"
}

function store_secret() {
    local SECRET_VAR=$1
    local SECRET_VALUE=$2

    echo "export ${SECRET_VAR}=${SECRET_VALUE}"
}

echo "# ----------------------- "
echo "# Fetched the following secret from ${KEY_VAULT} on "`date`

store_secret_from_keyvault "MONGO_URI" "local-dev-mongo-uri"

I have read that export only temporarily stores the variable.

The script runs, but the variables are not set at the end. I would like to see them when executing

printenv
6
  • A child process can never affect the environment of the parent. Commented Oct 16, 2021 at 23:28
  • 3
    Persist it where? Using the export command makes it available in the shell process running your script and in subprocesses of that shell (i.e. commands, other scripts etc run from that script), but not outside that process (i.e. to whatever process ran the script). Printing export as you're currently doing, doesn't actually make it available anywhere (unless something else catches the output and executes it?). Where are you trying to make that variable available? Commented Oct 16, 2021 at 23:29
  • might help if you showed an example of the function being called and what you expect to see after calling said function Commented Oct 16, 2021 at 23:45
  • well, it clearly says that I am looking to store the key extracted from the vault as env variables Commented Oct 17, 2021 at 21:56
  • @NesanMano But what process or processes are you trying to make it available to? Each process has its own environment, so you need to be clear about which environment(s) you're trying to add it to. Commented Oct 18, 2021 at 18:23

2 Answers

17

If you run a script to set variables, the variables will only be set in the context of that particular execution. To set variables, you have to source the file, not execute it.

Ex. setenv.bash

#!/bin/bash
export var1=value1
export var2=value2

If you do ./setenv.bash, var1 and var2 will only exist while the script is running.

If you do . ./setenv.bash or source ./setenv.bash, var1 and var2 will exist after the script is done.


2 Comments

wow, TIL! Been working with shell scripts for 10 years now and didn't really ever pay attention to execution vs sourcing and its effects on the environment!
Works in Debian 13 (Trixie).
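
Putting the question's approach (printing `export` lines) together with this answer's point about sourcing, as an added example that is not part of the original thread: the script writes a quoted export line to an owner-only file and shows that executing the file changes nothing for the caller while sourcing it does. `fetch_secret`, `emit_export`, `write_env_file`, the `secrets.env` file name and the sample value are all assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread. fetch_secret is a hypothetical stand-in
# for the question's `az keyvault secret show` call; its value is constructed.
fetch_secret() {
    printf '%s\n' "mongodb://user:p@ss w'rd;\$(id)@localhost:27017/dev?ssl=true&x=1"
}

# Print one `export NAME='value'` line that is safe to source: every single
# quote in the value becomes '\'' so nothing in it is expanded or executed.
emit_export() {
    name=$1 value=$2
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $name" >&2; return 1 ;;
    esac
    escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
    printf "export %s='%s'\n" "$name" "$escaped"
}

# Write the exports to a file only the owner can read (mktemp creates it with
# mode 0600) and move it into place in one step.
write_env_file() {
    target=$1
    tmp=$(mktemp "$target.XXXXXX") || return 1
    if emit_export MONGO_URI "$(fetch_secret)" > "$tmp"; then
        mv "$tmp" "$target"
    else
        rm -f "$tmp"; return 1
    fi
}

# Run the file as a child process: the caller's environment is unchanged.
value_after_execute() {
    ( unset MONGO_URI; sh "$1"; printf '%s' "${MONGO_URI-unset}" )
}

# Source the file: the export takes effect in the calling shell.
value_after_source() {
    ( unset MONGO_URI; . "$1"; printf '%s' "$MONGO_URI" )
}

# Demo on a scratch directory; reports state without printing the secret.
demo_dir=$(mktemp -d) && write_env_file "$demo_dir/secrets.env"
echo "after executing: $(value_after_execute "$demo_dir/secrets.env")"
[ "$(value_after_source "$demo_dir/secrets.env")" = "$(fetch_secret)" ] &&
    echo "after sourcing: MONGO_URI is set and matches the fetched value"
rm -rf "$demo_dir"
```

To have the variable in every new login shell for that user, the generated file can be sourced from the user's `~/.profile`. Without the quoting step, a value containing spaces, `;` or `$(...)` would be split or executed when the file is sourced.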
6

Assumptions:

  • OP wants to dynamically populate and export a new variable such that ...
  • the new variable is available/exported in the current session

One idea using a nameref ...

function store_secret() {
    declare -n SECRET_VAR=${1}
    export SECRET_VAR=${2}
}

Running a test:

$ unset secret_var
$ secret_var=56
$ typeset -p secret_var
declare -- secret_var="56"                  # defined as a normal variable

$ unset secret_var
$ typeset -p secret_var
-bash: typeset: secret_var: not found       # variable is undefined

$ store_secret secret_var 47
$ typeset -p secret_var
declare -x secret_var="47"                  # defined as an exported variable
