Direnv

Learn how to automatically load environment variables in your development environment.

direnv is a tool that automatically loads environment variables when you cd into a directory and then unsets them when you leave that directory. This guide will show you how to use it with Doppler.

🚧

Doppler does not recommend or endorse loading all secrets into your shell environment like this. However, some developers may need this functionality. This is purely a guide on how to use Doppler with direnv and should not be read as an endorsement of that tool or workflow.

Prerequisites

  • direnv installed
  • A shell compatible with direnv

Configure Your Doppler Project

For this to work, you need to perform a doppler setup in the project first. Make sure you do that and follow the setup process to connect the directory with a Doppler project and config.

Create a .envrc file

In the root of your project directory, create a .envrc file with the following contents:

set -a
source <(doppler secrets download --no-file --format env)
set +a

The set -a makes it so any variable assignments following that are exported and set +a disables that functionality. After saving this, you may get a warning like this from direnv:

direnv: error /path/to/project/.envrc is blocked. Run `direnv allow` to approve its content

By default, direnv won't load what's in a .envrc file until you approve it. In this case, you just created it so you can allow it by running direnv allow. After doing that, you should see direnv load the environment variables:

direnv: loading /path/to/project/.envrc
direnv: export +DOPPLER_CONFIG +DOPPLER_ENVIRONMENT +DOPPLER_PROJECT +YOUR_VARIABLE

When you leave the directory, you'll see direnv unload the variables:

direnv: unloading

🚧

The above solution isn't guaranteed to work with all secret values. Notably, it may fail with some multi-line secrets. Direnv also seems to have issues with secrets that contain ?, *, and ``. There may be other characters that cause problems as well (e.g., $and#` could potentially cause problems in some scenarios).

Overriding Specific Variables

In some situations, you may want to have a local override that it doesn't make sense to simply use branch configs for. In that case, you can modify the .envrc to look for another file, and if it exists source it after loading your secrets from Doppler. In this case, we'll name that file .env.local and your .envrc would end up looking something like this:

set -a
source <(doppler secrets download --no-file --format env)
test -f .env.local && source .env.local
set +a

It will work exactly like it did before, but if a .env.local file exists, any environment variables defined there will take precedence over what was loaded from Doppler.