1password and direnv

· Alberto's Blog!

How to load secrets automatically with 1password and direnv.

Problem

Automatically load secrets stored in 1Password as environment variables.

Solution

Global config

```toml
## File: ~/.config/direnv/direnv.toml

[global]
load_dotenv = true

[whitelist]
prefix = [ "~/workspace" ]
```

Root working directory

```bash
## File: ~/workspace/.envrc

# Inject 1password secrets into environment
use_sourceop() {
  if printenv | grep -q "op://"; then
    source <(printenv | grep "op://" | op inject)
  fi
}
```

Project directory

```bash
## File: ~/workspace/python/project/.envrc

dotenv_if_exists
source_up_if_exists
use sourceop
```

```
## File: ~/workspace/python/project/.env

PROJECT_VAR=<EXAMPLE>
PROJECT_SECRET="op://Private/Python Project Secret/password"
```

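Explanation

In the global configuration file, we enable loading environment variables from .env files by default and whitelist every .envrc under ~/workspace. In the root working directory, we define use_sourceop, a function that passes every environment variable containing an op:// reference through op inject and sources the result, replacing each reference with the secret from 1Password. In the project directory, we load the .env file, source the .envrc from the root working directory (which defines the function) and finally call it with use sourceop to load the secrets.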
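
Because use_sourceop sources the output of op inject, a secret that contains spaces or shell metacharacters is parsed as shell code rather than as a value. The variant below is an added example, not code from the original post: it resolves each reference with op read and exports the result as data. The names use_opread and demo_opread, and the stand-in op function inside the demo, are assumptions made for the illustration.

```bash
## File: ~/workspace/.envrc (added example, not the post's code)

# Hypothetical name; direnv's `use opread` calls use_opread.
use_opread() {
  _op_status=0
  # Names of exported variables whose value begins with op://. The sed pattern
  # only emits valid identifiers, which keeps the eval below safe.
  for _op_name in $(env | sed -n 's|^\([A-Za-z_][A-Za-z0-9_]*\)=op://.*|\1|p'); do
    eval "_op_ref=\${$_op_name-}"
    # Skip false matches produced by multi-line values in the env listing.
    case $_op_ref in op://*) ;; *) continue ;; esac
    if _op_value=$(op read "$_op_ref"); then
      # The secret is assigned as data; it is never parsed as shell code.
      export "$_op_name=$_op_value"
    else
      # Report the variable name only; the reference stays in place.
      echo "use_opread: could not resolve $_op_name" >&2
      _op_status=1
    fi
  done
  unset _op_name _op_ref _op_value
  return "$_op_status"
}

# Demo on constructed values. It runs in a subshell with a stand-in for the
# real `op` CLI, so nothing leaks into the calling shell. The constructed
# "secret" contains a space and shell syntax on purpose.
demo_opread() (
  op() {
    [ "$1" = read ] &&
      [ "$2" = "op://Private/Python Project Secret/password" ] &&
      printf '%s\n' 'pa ss; $(echo injected)'
  }
  export PROJECT_VAR=plain
  export PROJECT_SECRET="op://Private/Python Project Secret/password"
  use_opread && printf '%s|%s\n' "$PROJECT_VAR" "$PROJECT_SECRET"
)
```

In the project .envrc, use opread would take the place of use sourceop.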
