-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.envrc
More file actions
36 lines (32 loc) · 1.38 KB
/
.envrc
File metadata and controls
36 lines (32 loc) · 1.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/usr/bin/env bash
# Direnv configuration for dev-config
# Security: This file is version-controlled. No secrets here!
# Watch files BEFORE use flake (nix-direnv requirement)
# Note: flake.nix and flake.lock are watched automatically by nix-direnv
watch_file flake.nix
watch_file flake.lock
# Use Nix flake for development environment
use flake
# Load non-secret local overrides (gitignored, requires direnv allow)
# Use .env.local for non-secret environment variables (KEY=value format)
# This replaces the old .envrc.local pattern (which used source_env)
dotenv_if_exists .env.local
# AI Credentials: Loaded via sops-nix (not 1Password CLI)
# ============================================================
# AI service API keys are now managed by sops-nix and loaded automatically
# via shell initialization (~/.config/sops-nix/load-env.sh sourced in .zshenv).
#
# Benefits:
# - No 1Password CLI queries on every shell startup (faster)
# - Secrets decrypted once at Home Manager activation
# - Stored in tmpfs (secure, not written to disk)
#
# Configuration: See modules/home-manager/services/sops-env.nix
# Secrets file: secrets/default.yaml (encrypted with sops)
#
# Environment variables loaded:
# - ANTHROPIC_API_KEY (Claude API)
# - OPENAI_API_KEY (OpenAI API)
# - GOOGLE_AI_API_KEY (Google AI API)
# - LITELLM_MASTER_KEY (LiteLLM proxy master key)
# - OPENROUTER_API_KEY (OpenRouter multi-model API)