atmos secret shell

Resolve the declared secrets for a stack and component and launch an interactive shell with them set as environment variables. Each environment variable is named after the secret's declaration name, verbatim — the same naming used by atmos secret pull. This is the interactive counterpart of atmos secret exec.

atmos secret shell --help

Usage

atmos secret shell [flags] [-- [shell args...]]

The resolved secrets are layered on top of the current environment (the OS environment plus any global env from atmos.yaml). A declared secret takes precedence over an inherited variable of the same name. Secrets that are not yet initialized in their backend are skipped with a warning. Type exit to leave the shell and return to your normal session.

Examples

# Open a shell with the component's secrets in the environment
atmos secret shell --stack=dev --component=app

# Choose the shell binary
atmos secret shell --stack=dev --component=app --shell=bash

# Pass arguments through to the shell after `--`
atmos secret shell --stack=dev --component=app -- -c 'echo ready'

Arguments

[-- [shell args...]]
Optional arguments passed through to the shell, specified after the -- separator. Positional arguments before -- are rejected — use --shell to choose the shell binary.

Flags

--stack (alias -s)

The Atmos stack to operate on. Required.

Environment variable: ATMOS_STACK

--component (alias -c)

The Atmos component whose declared secrets are injected. Required.

Environment variable: ATMOS_COMPONENT

--type

The component type (terraform, helmfile, packer, or ansible). Used to disambiguate when a component name exists in more than one type.

--identity (alias -i)

The identity to use when accessing the secret backend.

Environment variable: ATMOS_IDENTITY

--shell

The shell to launch. Defaults to $SHELL, then bash, then sh.

Environment variable: ATMOS_SHELL

Secrets are not masked in the shell

Secret values are present in the shell's environment in cleartext and are not masked in the shell's output. Treat the session accordingly.
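Because secrets are layered over the inherited environment and are not masked, it is useful to confirm which variables a session added or overrode without echoing any value. The following is an added example, not part of the Atmos documentation: the function names and the DEMO_* variables are constructed for illustration, and it assumes awk, sort, printenv, cksum and mktemp are available.

```shell
#!/bin/sh
# Added example, not part of the Atmos docs. Function names are hypothetical.

# Print "NAME CHECKSUM" for each exported variable, sorted by name.
# The checksum only serves to notice a changed value; the value itself is
# never printed. Keep the output file private and delete it afterwards.
env_fingerprint() {
  awk 'BEGIN { for (k in ENVIRON) print k }' | LC_ALL=C sort |
  while IFS= read -r name; do
    printf '%s %s\n' "$name" "$(printenv "$name" | cksum | cut -d' ' -f1)"
  done
}

# Compare a fingerprint taken before the session with one taken inside it.
# Prints "added NAME" or "overridden NAME"; shell housekeeping is ignored.
env_changes() {  # usage: env_changes BEFORE_FILE AFTER_FILE
  awk 'FILENAME == ARGV[1] { before[$1] = $2; next }
       $1 ~ /^(_|SHLVL|PWD|OLDPWD)$/ { next }
       !($1 in before) { print "added " $1; next }
       before[$1] != $2 { print "overridden " $1 }' "$1" "$2"
}

# Constructed demo: simulate the layering with plain exports (no atmos call).
demo_layering() {
  dir=$(mktemp -d) || return 1   # mktemp -d creates a directory only we can read
  (
    export DEMO_REGION=us-east-1 DEMO_DB_PASSWORD=inherited-value
    env_fingerprint > "$dir/before"
    # What the session would do: override one inherited name, add a new one.
    export DEMO_DB_PASSWORD=constructed-secret DEMO_API_TOKEN=constructed-token
    env_fingerprint > "$dir/after"
  )
  env_changes "$dir/before" "$dir/after"
  rm -rf "$dir"
}
```

To use it with a real session, save `env_fingerprint` output in your normal shell, run the same function inside `atmos secret shell --stack=dev --component=app`, and pass both files to `env_changes`. A declared secret that is absent from the "added" and "overridden" lists was either skipped as uninitialized or already had the same value in the inherited environment.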
