Pulumi ESC: Integrate with Direnv
Overview
Pulumi ESC integrates with Direnv to help developers automatically load configuration and secrets into their shell.
Prerequisites
To complete the steps in this tutorial, you will need to install the following prerequisites:
- the Pulumi ESC CLI
- the Direnv CLI and shell integration
Create an ESC environment with environment variables
ESC integrates with direnv
by exporting environment variables from an opened environment. Before you can configure direnv
, you’ll need to create an environment that exports environment variables. For example, the environment below fetches AWS credentials via OIDC and exports these credentials in environment variables:
values:
aws:
login:
fn::open::aws-login:
oidc:
duration: 1h
roleArn: <your-oidc-iam-role-arn>
sessionName: pulumi-environments-session
environmentVariables:
AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
AWS_SESSION_TOKEN: ${aws.login.sessionToken}
For the purposes of this guide, we’ll create an environment that exports a single variable:
values:
environmentVariables:
ESC_HELLO: Hello, ${context.pulumi.organization.login}!
Create a .envrc file
Before each prompt, direnv
checks for the existence of a .envrc
file in the current directory and its ancestors. If a .envrc
file is found, direnv
executes it using bash
and makes its exported variables available to the current shell. When you exit the directory that contains the loaded .envrc
file, direnv
unloads its variables.
To open an ESC environment and export its environment variables, create a .envrc
file with the following contents:
eval $(esc open <your-project-name>/<your-environment-name> --format shell)
Once you’ve created this file, direnv
may warn you that it cannot load the .direnv
file for security reasons:
direnv: error /path/to/.envrc is blocked. Run `direnv allow` to approve its content
In order to allow direnv
to load the file, run direnv allow
:
$ direnv allow /path/to/.envrc
This should allow direnv
to load the file and export its environment variables. For the example environment above, you should see the following:
direnv: loading /path/to/.envrc
direnv: export +ESC_HELLO
You can then retrieve the value of the environment variable:
$ echo $ESC_HELLO
Hello, <your-pulumi-login>!
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.