zsh-env-secrets automatically retrieves secrets from secure storage backends and exports them as environment variables during shell initialization. This eliminates the need to store sensitive information in plain text configuration files.

1. Clone the repository to your Oh My Zsh custom plugins directory:

   git clone https://github.com/singular0/zsh-env-secrets.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-env-secrets

2. Add the plugin to your .zshrc:

   plugins=(... zsh-env-secrets)

zplug "singular0/zsh-env-secrets"

Add the configuration to your .zshrc before the plugin loads:

# Define secrets to load
ENV_SECRETS=(
  "DATABASE_URL"
  "API_KEY:my-app/api-key"
  "SECRET_TOKEN:tokens/secret"
)

# Optional: specify backend (auto-detected if omitted)
ENV_SECRETS_BACKEND="pass"


# Optional: do not display any error messages
ENV_SECRETS_QUIET=1

Required. An array of secrets to load. Each entry can be in one of two formats:

• ENV_VAR_NAME:secret_path - Maps environment variable to a specific secret path
• ENV_VAR_NAME - Uses the same name for both environment variable and secret path

Optional. Explicitly specify which backend to use. If not set, the plugin will automatically detect the first available backend from the supported list.

Supported values:

• pass - The standard Unix password manager
• security - macOS Keychain

Optional. If set, no error messages will be displayed.

GNU GPLv3 - see LICENSE file for details.