
.env exports to user env vars daily — MCPs read from system env

rule · rules · agent · env · mcp · secrets · sops

.env → user env vars, refreshed daily

Rule

.env.enc (sops+age encrypted) → .env (gitignored) → user-scope Windows environment variables → MCP servers read at launch. Single source of truth: .env.

No secrets committed. No secrets in .mcp.json. No per-agent auth-file duplication.

Mechanic

  1. Age key — imported once per machine from Bitwarden (~/.age/keys.txt or SOPS_AGE_KEY env var). sops resolves the key from SOPS_AGE_KEY, then SOPS_AGE_KEY_FILE, then its default key file (%AppData%\sops\age\keys.txt on Windows); ~/.age/keys.txt is not a default location, so SOPS_AGE_KEY_FILE must point at it.
  2. .env.enc — committed to workspace, sops+age encrypted.
  3. sync-env-to-system-env.ps1 — decrypts .env.enc → .env, reads every KEY=VALUE, calls [Environment]::SetEnvironmentVariable(key, value, 'User'). User scope is HKCU\Environment; only processes started after the write see the new value.
  4. Windows Scheduled Task Oriz-SyncEnv — runs the script at logon + daily 09:00. Registered by scripts/register-scheduled-tasks.ps1.
  5. MCP servers — reference secrets via ${env:VAR_NAME} in their config (e.g. .mcp.json, ~/.config/opencode/opencode.jsonc).
  6. Per-agent auth (Anthropic key, OpenAI key) — same pattern; agent reads from env.
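
Steps 1 to 4 as one script, added here as an example; it is not the workspace's own sync-env-to-system-env.ps1 or register-scheduled-tasks.ps1. Assumptions: sops and age are on PATH, the script sits in <workspace>\scripts with .env.enc at the workspace root, the age key is at ~\.age\keys.txt unless SOPS_AGE_KEY is already set, and the function names and the -RegisterTask switch are illustrative.

```powershell
# Added example, not the workspace's own sync script.
# Assumptions: sops + age on PATH; script lives in <workspace>\scripts; .env.enc at the
# workspace root; age key at ~\.age\keys.txt unless SOPS_AGE_KEY is already set.
[CmdletBinding()]
param(
    [string]$Workspace  = (Split-Path -Parent $PSScriptRoot),   # assumption: scripts\ under the workspace
    [string]$AgeKeyFile = (Join-Path $HOME '.age\keys.txt'),
    [switch]$RegisterTask                                       # also (re)register the Oriz-SyncEnv task
)
$ErrorActionPreference = 'Stop'
$null = Get-Command sops -ErrorAction Stop                      # fail early if sops is missing

function Invoke-SopsDecrypt {
    param([string]$EncPath, [string]$PlainPath, [string]$KeyFile)
    # sops resolves the age key via SOPS_AGE_KEY, then SOPS_AGE_KEY_FILE, then its default key
    # file (%AppData%\sops\age\keys.txt on Windows). ~\.age\keys.txt is not a default, so point to it.
    if (-not $env:SOPS_AGE_KEY -and -not $env:SOPS_AGE_KEY_FILE -and (Test-Path -LiteralPath $KeyFile)) {
        $env:SOPS_AGE_KEY_FILE = $KeyFile
    }
    # sops only infers the dotenv format from a ".env" extension; ".env.enc" ends in ".enc",
    # so both types are stated explicitly.
    & sops --decrypt --input-type dotenv --output-type dotenv --output $PlainPath $EncPath
    if ($LASTEXITCODE -ne 0) { throw "sops decrypt of $EncPath failed (exit $LASTEXITCODE)" }
}

function ConvertFrom-DotEnv {
    # Parses KEY=VALUE lines into an ordered table. Handles blank lines, # comments,
    # an optional "export " prefix and one layer of matching quotes around the value.
    param([string[]]$Lines)
    $vars = [ordered]@{}
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        if ($line.StartsWith('export ')) { $line = $line.Substring(7).TrimStart() }
        $eq = $line.IndexOf('=')
        if ($eq -lt 1) { Write-Warning 'skipping a line without KEY='; continue }  # never echo the line: it may carry a secret
        $key = $line.Substring(0, $eq).Trim()
        $val = $line.Substring($eq + 1).Trim()
        if ($key -notmatch '^[A-Za-z_][A-Za-z0-9_]*$') { Write-Warning "skipping invalid key name '$key'"; continue }
        if ($val.Length -ge 2 -and (($val[0] -eq '"' -and $val[-1] -eq '"') -or ($val[0] -eq "'" -and $val[-1] -eq "'"))) {
            $val = $val.Substring(1, $val.Length - 2)
        }
        $vars[$key] = $val
    }
    return $vars
}

function Sync-UserEnvironment {
    # Writes each variable at User scope (HKCU\Environment). Only processes started
    # afterwards see the values, which is why MCP servers read them at launch.
    param([System.Collections.IDictionary]$Vars)
    $changed = 0
    foreach ($key in $Vars.Keys) {
        if ([Environment]::GetEnvironmentVariable($key, 'User') -ceq $Vars[$key]) { continue }  # unchanged: skip the registry write
        [Environment]::SetEnvironmentVariable($key, $Vars[$key], 'User')
        $changed++
    }
    return $changed
}

function Register-SyncTask {
    # Scheduled task Oriz-SyncEnv: at logon and daily 09:00, as the current user, without elevation.
    param([string]$ScriptPath, [string]$TaskName = 'Oriz-SyncEnv')
    $user      = "$env:USERDOMAIN\$env:USERNAME"
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                     -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $triggers  = @((New-ScheduledTaskTrigger -AtLogOn -User $user), (New-ScheduledTaskTrigger -Daily -At '09:00'))
    $principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Limited
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $triggers -Principal $principal -Force | Out-Null
}

# Main flow: .env.enc -> .env (gitignored, locked to this user) -> User-scope env vars.
$encPath   = Join-Path $Workspace '.env.enc'
$plainPath = Join-Path $Workspace '.env'
Invoke-SopsDecrypt -EncPath $encPath -PlainPath $plainPath -KeyFile $AgeKeyFile
# .env is gitignored but still plaintext on disk: strip inherited ACEs, grant only this user.
& icacls $plainPath /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R,W)" | Out-Null
$vars    = ConvertFrom-DotEnv -Lines @(Get-Content -LiteralPath $plainPath)
$changed = Sync-UserEnvironment -Vars $vars
Write-Host "Synced $($vars.Count) variables ($changed changed)"   # counts only; values are never printed
if ($RegisterTask) { Register-SyncTask -ScriptPath $PSCommandPath }
```

Run it once interactively with -RegisterTask; the task then reruns the script at every logon and at 09:00. Two caveats a practitioner should keep in mind: a key removed from .env.enc is not removed from the User scope by this script (it only adds and updates), and any MCP server or agent already running keeps the values it read at launch until it is restarted.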

Why user-scope, not machine-scope

Why refresh daily

Anti-patterns

Cross-refs