dotenv
is a zsh/bash shell function that loads environment variables from a
file named .env
. It decrypts the file using GPG if the filename is .env.gpg
.
$ cat .env
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
$ dotenv
dotenv: Loading .env
$ echo $AWS_ACCESS_KEY_ID
AKIAIOSFODNN7EXAMPLE
Copy-paste this function definition to your .zshrc
or .bashrc
:
dotenv() {
if [ $# -eq 0 ]; then
[ -f .env.gpg ] && set -- .env.gpg "$@"
[ -f .env ] && set -- .env "$@"
fi
set -a
while [ $# -gt 0 ]; do
echo "dotenv: Loading $1"
case "$1" in
*.gpg)
eval "$(gpg --quiet --decrypt --yes "$1")"
;;
*/*)
. "$1"
;;
*)
. "./$1"
esac
shift
done
set +a
}
Or, clone and source dotenv.zsh with a zsh plugin manager.
Use gpg to encrypt your .env
:
$ gpg --symmetric .env
$ file .env.gpg
.env.gpg: GPG symmetrically encrypted data (AES cipher)
$ rm .env
Then, the dotenv
function loads the encrypted file:
$ dotenv
dotenv: Loading .env.gpg
Enter passphrase
Passphrase:
$ echo $AWS_ACCESS_KEY_ID
AKIAIOSFODNN7EXAMPLE
Note: gpg-agent
may be running background and caching passphrase, so you may
not see the passphrase prompt.