Shell Hooks
envpkt provides shell hooks that display credential health automatically when you navigate into a directory containing envpkt.toml.
Add to ~/.zshrc:
eval "$(envpkt shell-hook zsh)"Add to ~/.bashrc:
eval "$(envpkt shell-hook bash)"What the Hook Does
Section titled “What the Hook Does”The hook wraps the cd command. When you cd into a directory containing envpkt.toml, it runs:
envpkt audit --format minimalThis provides a one-line health summary without interrupting your workflow.
Generated Shell Code
Section titled “Generated Shell Code”The envpkt shell-hook command outputs a shell function. For zsh, it looks approximately like:
envpkt_chpwd() { if [[ -f envpkt.toml ]]; then envpkt audit --format minimal 2>/dev/null fi}chpwd_functions=(${chpwd_functions[@]} envpkt_chpwd)For bash, it uses PROMPT_COMMAND or wraps cd.
Sourcing Secrets
Section titled “Sourcing Secrets”In addition to ambient health warnings, you can source envpkt-managed secrets directly into your shell session using envpkt env export:
# Add to ~/.zshrc or ~/.bashrceval "$(envpkt env export 2>/dev/null)"This resolves secrets via sealed packets and/or fnox and emits export KEY='VALUE' statements. Warnings go to stderr so they don’t interfere with eval.
You can combine both hooks for a complete setup:
# Shell startupeval "$(envpkt shell-hook zsh)" # Ambient health on cdeval "$(envpkt env export 2>/dev/null)" # Load secrets into current sessionSee envpkt env export for full options.
Use Cases
Section titled “Use Cases”- Daily development — see credential health at a glance
- Multi-project work — catch issues as you switch between projects
- Team onboarding — new team members see credential status immediately