direnv is a tool that automatically loads environment variables when you
cd into a directory and then unsets them when you leave that directory. This guide will show you how to use it with Doppler.
Doppler does not recommend or endorse loading all secrets into your shell environment like this. However, some developers may need this functionality. This is purely a guide on how to use Doppler with
direnvand should not be read as an endorsement of that tool or workflow.
- direnv installed
- A shell compatible with
For this to work, you need to perform a
doppler setup in the project first. Make sure you do that and follow the setup process to connect the directory with a Doppler project and config.
In the root of your project directory, create a
.envrc file with the following contents:
export $(doppler secrets download --no-file --format env-no-quotes)
After saving this, you may get a warning like this from
direnv: error /path/to/project/.envrc is blocked. Run `direnv allow` to approve its content
direnv won't load what's in a
.envrc file until you approve it. In this case, you just created it so you can allow it by running
direnv allow. After doing that, you should see
direnv load the environment variables:
direnv: loading /path/to/project/.envrc direnv: export +DOPPLER_CONFIG +DOPPLER_ENVIRONMENT +DOPPLER_PROJECT +YOUR_VARIABLE
When you leave the directory, you'll see
direnv unload the variables:
The above solution isn't guaranteed to work with all secret values. Notably, it may fail with some multi-line secrets. Direnv also seems to have issues with secrets that contain
`. There may be other characters that cause problems as well (e.g.,
#could potentially cause problems in some scenarios).
In some situations, you may want to have a local override that it doesn't make sense to simply use branch configs for. In that case, you can modify the
.envrc to look for another file, and if it exists source it after loading your secrets from Doppler. In this case, we'll name that file
.env.local and your
.envrc would end up looking something like this:
export $(doppler secrets download --no-file --format env-no-quotes) test -f .env.local && source .env.local
It will work exactly like it did before, but if a
.env.local file exists, any environment variables defined there will take precedence over what was loaded from Doppler.
Updated 7 months ago