Skip to content
Latchkey

teller env: Export Secrets as Shell Vars

teller env resolves the providers in .teller.yml and prints shell export lines so you can load the secrets into the current shell.

When you need the secrets in the current shell rather than a child process, teller env emits export statements. Use it sparingly in CI since it puts plaintext into the shell environment.

What it does

teller env resolves every mapped secret from the configured providers and writes them as export NAME=value lines to stdout, ready to be eval-ed into the current shell.

Common usage

Terminal
eval "$(teller env)"
# or capture to a temp env file for a tool that reads one
teller env > /tmp/ci.env && set -a && . /tmp/ci.env && set +a

Options

FlagWhat it does
-c, --config <file>Path to the teller config (default .teller.yml)
TELLER_FILEEnv var naming an alternate config file

In CI

Prefer teller run, which scopes secrets to a child process. If you must use teller env, eval it in a short-lived step and avoid printing it. Never redirect its output to the job log; the export lines contain plaintext.

Common errors in CI

A provider "AccessDenied" or auth error means the backend credentials are not present on the runner. "config file .teller.yml not found" means the wrong working directory. If eval fails with a syntax error, a secret value contains characters that broke the export line; teller run avoids that quoting problem entirely.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →