Skip to content
envpacket / envpkt

Shell Hooks

envpkt provides shell hooks that display credential health automatically when you navigate between directories. The hook delegates config discovery to envpkt itself — it will find envpkt.toml in CWD, ~/.envpkt/, cloud storage paths, or any custom ENVPKT_SEARCH_PATH location.

Setup

Section titled “Setup”

zsh

Section titled “zsh”

Add to ~/.zshrc:

Terminal window
eval "$(envpkt shell-hook zsh)"

bash

Section titled “bash”

Add to ~/.bashrc:

Terminal window
eval "$(envpkt shell-hook bash)"

What the Hook Does

Section titled “What the Hook Does”

The hook wraps the cd command. On every directory change, it runs:

Terminal window
envpkt audit --format minimal 2>/dev/null

envpkt handles config discovery internally — if no config is found anywhere in the resolution chain, it silently exits. This provides a one-line health summary without interrupting your workflow.

Generated Shell Code

Section titled “Generated Shell Code”

The envpkt shell-hook command outputs a shell function. For zsh, it looks approximately like:

Terminal window
envpkt_chpwd() {
  envpkt audit --format minimal 2>/dev/null
}
chpwd_functions=(${chpwd_functions[@]} envpkt_chpwd)

For bash, it uses PROMPT_COMMAND or wraps cd. Note that the hook does not check for envpkt.toml — envpkt’s built-in config discovery chain handles resolution across CWD, home directory, cloud storage, and custom search paths.

Sourcing Secrets

Section titled “Sourcing Secrets”

In addition to ambient health warnings, you can source envpkt-managed secrets directly into your shell session using envpkt env export:

Terminal window
# Add to ~/.zshrc or ~/.bashrc
eval "$(envpkt env export 2>/dev/null)"

This resolves secrets via sealed packets and/or fnox and emits export KEY='VALUE' statements. Warnings go to stderr so they don’t interfere with eval.

You can combine both hooks for a complete setup:

Terminal window
# Shell startup
eval "$(envpkt shell-hook zsh)"        # Ambient health on cd
eval "$(envpkt env export 2>/dev/null)" # Load secrets into current session

See envpkt env export for full options.

Custom Search Paths

Section titled “Custom Search Paths”

If your envpkt.toml lives in a non-standard location (e.g., a corporate OneDrive path), set ENVPKT_SEARCH_PATH:

Terminal window
export ENVPKT_SEARCH_PATH="$HOME/OneDrive - Corp/.envpkt/envpkt.toml"

Colon-separated paths are searched after CWD but before built-in candidates.

Use Cases

Section titled “Use Cases”
  • Daily development — see credential health at a glance
  • Multi-project work — catch issues as you switch between projects
  • Team onboarding — new team members see credential status immediately
  • User-level config — place envpkt.toml at ~/.envpkt/ and get health checks from any directory