From f67e56485509ce87bfc8d079813261848037104d Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 8 Jun 2025 20:01:34 -0700 Subject: use agenix to manage some secrets I have some secrets that I want to manage for my user without having to rely on 1password, and ensure proper rotation everywhere when needed. For now we only have two secrets (one for `llm` and another one is the API key for anthropic for Emacs). Will document the process better in the near future. --- nix/users/fcuny/configs/emacs/site-lisp/init-llm.el | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) (limited to 'nix/users/fcuny/configs/emacs/site-lisp') diff --git a/nix/users/fcuny/configs/emacs/site-lisp/init-llm.el b/nix/users/fcuny/configs/emacs/site-lisp/init-llm.el index 4654613..48346e6 100644 --- a/nix/users/fcuny/configs/emacs/site-lisp/init-llm.el +++ b/nix/users/fcuny/configs/emacs/site-lisp/init-llm.el @@ -6,22 +6,19 @@ ;; Configure completions ;;; Code: -(defvar fcuny/op-item-cache nil) +(require 's) -(defun fcuny/read-op-item (op-item-path) - "Read and cache OP-ITEM-PATH item." - (or (cdr (assoc op-item-path fcuny/op-item-cache)) - (let ((key (string-trim-right - (shell-command-to-string (format "op read '%s'" op-item-path))))) - (unless (string-match-p "\\[ERROR\\]" key) - (push (cons op-item-path key) fcuny/op-item-cache) - key)))) +(defun fcuny/read-anthropic-key () + "Read and return the API key for anthropic." + (with-temp-buffer + (insert-file-contents "~/.local/share/agenix/anthropic-api-key") + (s-trim (buffer-string)))) (use-package gptel :custom (gptel-default-mode 'org-mode) :config - (gptel-make-anthropic "Claude" :stream t :key (lambda () (fcuny/read-op-item "op://Private/anthropic llm/credential")))) + (gptel-make-anthropic "Claude" :stream t :key (lambda () (fcuny/read-anthropic-key)))) (use-package aidermacs :bind ("C-c a" . aidermacs-transient-menu) @@ -29,7 +26,7 @@ (aider-args '("--no-check-update" "--no-show-model-warnings")) (aidermacs-default-model "claude-3-7-sonnet-latest") :config - (setenv "ANTHROPIC_API_KEY" (fcuny/read-op-item "op://Private/anthropic llm/credential"))) + (setenv "ANTHROPIC_API_KEY" (fcuny/read-anthropic-key))) (provide 'init-llm) -- cgit v1.2.3