# atmos secret shell Resolve the declared secrets for a stack and component and launch an interactive shell with them set as environment variables. Each environment variable is named after the secret's declaration name, verbatim — the same naming used by [`atmos secret pull`](/cli/commands/secret/pull). This is the interactive counterpart of [`atmos secret exec`](/cli/commands/secret/exec). ## Usage ```shell atmos secret shell [flags] [-- [shell args...]] ``` The resolved secrets are layered on top of the current environment (the OS environment plus any global `env` from `atmos.yaml`). A declared secret takes precedence over an inherited variable of the same name. Secrets that are not yet initialized in their backend are skipped with a warning. Type `exit` to leave the shell and return to your normal session. ## Examples ```shell # Open a shell with the component's secrets in the environment atmos secret shell --stack=dev --component=app # Choose the shell binary atmos secret shell --stack=dev --component=app --shell=bash # Pass arguments through to the shell after `--` atmos secret shell --stack=dev --component=app -- -c 'echo ready' ``` ## Arguments - **`[-- [shell args...]]`** Optional arguments passed through to the shell, specified after the `--` separator. Positional arguments before `--` are rejected — use `--shell` to choose the shell binary. ## Flags - **`--stack` (alias `-s`)** The Atmos stack to operate on. **Required.** **Environment variable:** `ATMOS_STACK` - **`--component` (alias `-c`)** The Atmos component whose declared secrets are injected. **Required.** **Environment variable:** `ATMOS_COMPONENT` - **`--type`** The component type (`terraform`, `helmfile`, `packer`, or `ansible`). Used to disambiguate when a component name exists in more than one type. - **`--identity` (alias `-i`)** The identity to use when accessing the secret backend. **Environment variable:** `ATMOS_IDENTITY` - **`--shell`** The shell to launch. Defaults to `$SHELL`, then `bash`, then `sh`. **Environment variable:** `ATMOS_SHELL` :::warning Secrets are not masked in the shell Secret values are present in the shell's environment in cleartext and are **not** masked in the shell's output. Treat the session accordingly. ::: ## See Also - [atmos secret exec](/cli/commands/secret/exec) — Run a single command with secrets in the environment - [atmos secret pull](/cli/commands/secret/pull) — Download declared secrets to a local file - [atmos secret](/cli/commands/secret/usage) — Overview of the secret command group - [`!secret` YAML function](/functions/yaml/secret) — Resolve declared secrets at runtime