Summon is a tool to inject secrets into a process via environment variables. The nice thing is that the secret provider can be configured at runtime and different environments can be chosen. If you’re using gopass, this recipe might be for you. Gopass itself can be used out of the box as summon provider as it fulfils all requirements: gopass secretname returns a secret. To directly make use of gopass, just link the gopass binary to /usr/lib/summon.