A CLI tool that injects environment variables from various sources before executing a command. Useful for running commands that need secrets, such as terraform plan with cloud credentials.
Arch Linux (AUR):
yay -S env-exec-binmacOS (Homebrew):
brew install polarn/tap/env-execDebian/Ubuntu:
# Download from releases or use the apt repository
sudo dpkg -i env-exec_*.debenv-exec terraform planThis runs terraform plan with environment variables injected from .env-exec.yaml in the current directory.
-h, --help Show help
-v, --version Show version
-n, --dry-run Print environment variables without executing command
Run without arguments to output export statements:
source <(env-exec)ENV_EXEC_YAML=/path/to/config.yaml env-exec terraform planCreate a .env-exec.yaml file:
defaults:
gcp:
project: "my-gcp-project"
env:
# Plain values
- name: MY_VAR
value: "static-value"
# GCP Secret Manager
- name: DB_PASSWORD
valueFrom:
gcpSecretKeyRef:
name: database-password
version: latest # optional, defaults to "latest"
project: other-project # optional, overrides default
# GitLab CI/CD Variables
- name: DEPLOY_TOKEN
valueFrom:
gitlabVariableKeyRef:
project: "12345"
key: deploy-tokenThe syntax is inspired by Kubernetes pod specs.
Static key-value pairs defined directly in the config.
Fetches secrets from Google Cloud Secret Manager. Requires GCP credentials (e.g., gcloud auth application-default login).
name- Secret name (required)version- Secret version (optional, defaults tolatest)project- GCP project (optional ifdefaults.gcp.projectis set)
Fetches project variables from GitLab. Requires GITLAB_TOKEN environment variable with API access.
export GITLAB_TOKEN=glpat-xxxx
env-exec terraform planproject- GitLab project ID (required)key- Variable key (required)
Apache-2.0