How to store sensitive environment variables on MacOS

MacOS has KeyChain built into terminal

How to store your sensitive credentials to keychain

security add-generic-password -a "$USER" -s 'name_of_your_key' -w 'passphrase'

How to retrieve them from your keychain

security find-generic-password -a "$USER" -s 'name_of_your_key' -w

How to set this up in your .bash_profile so that you can actually use this:

NAME_OF_YOUR_KEY=$(security find-generic-password -a "$USER" -s "name_of_your_key" -w)

Now you can do something like echo $NAME_OF_YOUR_KEY and see your secret with your bash_profile being safe.