Docs
PackagesPulumi ESC: Integrate with Direnv
Overview
Pulumi ESC integrates with Direnv to help developers automatically load configuration and secrets into their shell.
Prerequisites
To complete the steps in this tutorial, you will need to install the following prerequisites:
- the Pulumi ESC CLI
- the Direnv CLI and shell integration
Create an ESC environment with environment variables
ESC integrates with direnv by exporting environment variables from an opened environment. Before you can configure direnv, you’ll need to create an environment that exports environment variables. For example, the environment below fetches AWS credentials via OIDC and exports these credentials in environment variables:
values:
aws:
login:
fn::open::aws-login:
oidc:
duration: 1h
roleArn: <your-oidc-iam-role-arn>
sessionName: pulumi-environments-session
environmentVariables:
AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
AWS_SESSION_TOKEN: ${aws.login.sessionToken}
For the purposes of this guide, we’ll create an environment that exports a single variable:
values:
environmentVariables:
ESC_HELLO: Hello, ${context.pulumi.organization.login}!
Create a .envrc file
Before each prompt, direnv checks for the existence of a .envrc file in the current directory and its ancestors. If a .envrc file is found, direnv executes it using bash and makes its exported variables available to the current shell. When you exit the directory that contains the loaded .envrc file, direnv unloads its variables.
To open an ESC environment and export its environment variables, create a .envrc file with the following contents:
eval $(esc open <your-environment-name> --format shell)
Once you’ve created this file, direnv may warn you that it cannot load the .direnv file for security reasons:
direnv: error /path/to/.envrc is blocked. Run `direnv allow` to approve its content
In order to allow direnv to load the file, run direnv allow:
$ direnv allow /path/to/.envrc
This should allow direnv to load the file and export its environment variables. For the example environment above, you should see the following:
direnv: loading /path/to/.envrc
direnv: export +ESC_HELLO
You can then retrieve the value of the environment variable:
$ echo $ESC_HELLO
Hello, <your-pulumi-login>!
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.
