Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Docs
  2. Pulumi ESC
  3. Integrations
  4. Dev tools
  5. Direnv

Pulumi ESC: Integrate with Direnv

Overview

Pulumi ESC integrates with Direnv to help developers automatically load configuration and secrets into their shell.

Prerequisites

To complete the steps in this tutorial, you will need to install the following prerequisites:

Create an ESC environment with environment variables

ESC integrates with direnv by exporting environment variables from an opened environment. Before you can configure direnv, you’ll need to create an environment that exports environment variables. For example, the environment below fetches AWS credentials via OIDC and exports these credentials in environment variables:

values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          duration: 1h
          roleArn: <your-oidc-iam-role-arn>
          sessionName: pulumi-environments-session
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
    AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
    AWS_SESSION_TOKEN: ${aws.login.sessionToken}
Copy

For the purposes of this guide, we’ll create an environment that exports a single variable:

values:
  environmentVariables:
    ESC_HELLO: Hello, ${context.pulumi.organization.login}!
Copy

Create a .envrc file

Before each prompt, direnv checks for the existence of a .envrc file in the current directory and its ancestors. If a .envrc file is found, direnv executes it using bash and makes its exported variables available to the current shell. When you exit the directory that contains the loaded .envrc file, direnv unloads its variables.

To open an ESC environment and export its environment variables, create a .envrc file with the following contents:

eval $(esc open <your-project-name>/<your-environment-name> --format shell)
Copy

Once you’ve created this file, direnv may warn you that it cannot load the .direnv file for security reasons:

direnv: error /path/to/.envrc is blocked. Run `direnv allow` to approve its content
Copy

In order to allow direnv to load the file, run direnv allow:

$ direnv allow /path/to/.envrc
Copy

This should allow direnv to load the file and export its environment variables. For the example environment above, you should see the following:

direnv: loading /path/to/.envrc
direnv: export +ESC_HELLO
Copy

You can then retrieve the value of the environment variable:

$ echo $ESC_HELLO
Hello, <your-pulumi-login>!
Copy

Was this page helpful?

Yes No