If I have to pass a key as an argument to a command (like my-command --key=<key>) how do I write the command to get the value that's been set with envchain?

For example, my-command doesn't use a defined environment variable, so using envchain myNamespace my-command won't work since it requires me to pass the API key through the --key flag argument.

I've tried echoing out the value after getting it from envchain myNamespace env with various methods, but all of them return an empty string. If I use grep to look for the variable, it shows me that it's set, but I can't find any simple methods (such as echoing it directly or in a sub-command) that will get the value to let me pass it in the command's arguments.

So far, I've tried these without success:

envchain myNamespace my-command --key $MY_API_KEY
my-command --key $(envchain myNamespace env | echo $MY_API_KEY)

The only one I've gotten to work uses eval, and I'm hoping there's a better way:

export eval $(envchain myNamespace env | grep MY_API_KEY) && my-command --key $MY_API_KEY

To add, I think this issue exists for passing as arguments as well. This is a major problem from a usability standpoint IMHO.
for example, these do not work:
envchain myNamespace bash -c "curl $MY_URL"

envchain myNamespace bash -c "echo $MY_VAL"

correct.

@sorah thank you for confirming! Is this by design or is there a potential enhancement here?

it is insecure passing credentials into command arguments. and this behavior is the nature of shells. so, won't fix.

Thanks @morganestes!

Used with bpkg/github

> export eval $(envchain github env | grep GH_PERSONAL_TOKEN)
> github auth