direnv
direnv loads and unloads per-directory environment variables when you cd into a project (via a hook in bash/zsh/fish). We rate it assess: strong for host-shell and multi-repo local work; less critical when Dev Container or a VM already defines the toolchain.
Blurb
direnv is an extension for your shell. It augments existing shells with a new feature that can load and unload environment variables depending on the current directory.
Summary
What it does: reads .envrc in the project root (bash-like DSL), exports vars for that directory tree, reverts when you leave. Common patterns:
dotenv/dotenv_if_exists— load.env(keep.envgitignored, commit.envrc)layout python,layout go— wire language version managersuse nix,use flake— enter Nix dev shells oncd
When to assess / adopt locally:
- Many repos on the laptop with different
PATH, API keys, or tool versions - cursor-agent / CLI agents that expect
.envloaded automatically (see vaultagent-skillsREADME) - Polyglot monorepos where each subdirectory needs its own env
When to skip:
- Primary dev is Dev Container or remote environments (env is in the image)
- Team policy forbids shell hooks on corporate laptops
- You only need one global profile (use shell profile or a single version manager instead)
Security: run direnv allow only after reviewing .envrc; treat untrusted clones like arbitrary shell scripts.
Details
| Topic | Notes |
|---|---|
| Install | Package + direnv hook zsh (or bash) in ~/.zshrc |
| CI | Do not rely on direnv in GitHub Actions; set env in workflow explicitly |
| Secrets | .envrc can reference .env; never commit secrets |
| Pairing | Fits Environment Managers bucket alongside version managers, not a replacement |
Garden pattern: assess for host-native development; adopt Dev Container first for team parity, then add direnv where shell workflows remain.
References