Proton Pass Provider
The Proton Pass provider integrates with Proton Pass for end-to-end encrypted cloud secret storage.
Prerequisites
Section titled “Prerequisites”- Proton Pass CLI (
pass-cli) - download from proton.me/pass/download - A Proton account, signed in via
pass-cli login - A vault to store secrets in (e.g.
pass-cli vault create secretspec)
Configuration
Section titled “Configuration”URI Format
Section titled “URI Format”protonpass://[vault_name[/title-template]]vault_name: Target vault (defaults tosecretspec)title-template: Item title pattern supporting{project},{profile},{key}placeholders
Examples
Section titled “Examples”# Default vault ("secretspec")protonpass://
# Specific vaultprotonpass://Work
# Specific vault and custom title templateprotonpass://Work/{project}/{profile}/{key}# Set a secret$ secretspec set DATABASE_URL --provider protonpass://PersonalEnter value for DATABASE_URL: postgresql://localhost/mydb
# Get a secret$ secretspec get DATABASE_URL --provider protonpass://Personal
# Run with secrets$ secretspec run --provider protonpass://Personal -- npm start
# Profile-specific vault$ secretspec set DATABASE_URL --profile prod --provider protonpass://ProductionSecrets are stored as note items; the item title defaults to {project}/{profile}/{key}.
CI/CD with Personal Access Tokens
Section titled “CI/CD with Personal Access Tokens”# Create a token$ pass-cli personal-access-token create --name ci --expiration 1y
# Authenticate in CI (store the token as a CI secret)$ pass-cli login --pat $PROTON_PASS_PAT$ secretspec run -- deploy