Forum Discussion
jc00ke
3 years ago
New Contributor
Secret reference syntax usable by direnv?
I see on docs/cli/secrets-environment-variables that I can op run -- myapp start but what if I wanted to load secret values via direnv? I don't see anything in the direnv-stdlib and was wondering i...
Former Member
3 years ago
Hey jc00ke, terribly sorry for the late reply. Let me elaborate a bit on the alternatives described there:
You can move your direnv environment variables to a .env file, replace their values with secret references, and start a privileged session, with access to these secrets, using op run --env-file .env -- $SHELL. Please do mind that you'll need to explicitly terminate this session (exit) at the end of it, in order to de-populate the environment.
Let's assume your .envrc contains something like this:
export FOO=BAR
export BAZ=XYZ
You can save the BAR and BAZ values in 1Password and replace them in your .envrc with the corresponding secret references. .envrc becomes:
export FOO=op://path/to/bar
export BAZ=op://path/to/xyz
Now, running op run --env-file .envrc -- $SHELL will start a privileged session, where you have the resolved FOO and BAZ in your environment. You will need to explicitly type exit, in order to terminate this session.
Another possibility is using direnv in conjunction with op run: adding envvars with secret references in your .envrc, and starting a privileged session from within the directory. In this case there would be no need for a .env file, since the envvars in question are in your session environment: op run -- $SHELL. Once again, please do proceed with caution and exit the privileged shell once access to the secrets is no longer needed.
Same scenario as above, let's assume you've replaced your envvars values with secret references. This is your .envrc:
export FOO=op://path/to/bar
export BAZ=op://path/to/xyz
You can now run direnv allow . and these envvars with secret references will be exported in your environment. You can just simply run op run -- $SHELL and they will be resolved. At the end of this session, you should once again explicitly type exit.
I hope this clears this up a bit.
Don't hesitate to ask any additional questions, if need be.
Looking forward to hearing from you!
Best,
Horia
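
A check that fits the migration described in the reply above, as an added example that is not part of the original post or of 1Password's own tooling: it lists the variables in a .envrc that still hold plaintext values instead of op:// secret references. The function names and the sample file (including the QUX entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): find assignments in a
# direnv .envrc whose values are not 1Password secret references (op://...).

# Print the name of every NAME=VALUE / export NAME=VALUE line in file $1
# whose VALUE does not start with op://.
# Returns 0 if every value is a reference, 1 if any is not, 2 if unreadable.
envrc_plaintext_vars() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim leading whitespace, then skip blanks and comments.
        line=${line#"${line%%[![:space:]]*}"}
        case $line in
            ''|'#'*) continue ;;
            'export '*) line=${line#'export '} ;;
        esac
        # Only consider lines that look like NAME=VALUE.
        case $line in
            *=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        case $name in
            ''|*[!A-Za-z0-9_]*) continue ;;
        esac
        value=${line#*=}
        # Drop one layer of surrounding quotes, if present.
        value=${value#\"}; value=${value#\'}
        value=${value%\"}; value=${value%\'}
        case $value in
            op://*) ;;
            *) printf '%s\n' "$name"; found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# Write a constructed sample .envrc to path $1 (half-migrated on purpose).
write_sample_envrc() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
export FOO=op://path/to/bar
export BAZ=XYZ
export QUX="op://path/to/qux"
PATH_add bin
EOF
}
```

Running `envrc_plaintext_vars .envrc` before `direnv allow .` gives a non-zero status while any plaintext value remains, which makes it usable as a pre-commit check.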