
add ability to load secrets from external command or environment variables in the config file

Open adikari opened this issue 6 months ago • 4 comments

I have all my dotfiles in a GitHub repository. I want the opencode configuration to be part of my dotfiles. I am using GitHub MCP which requires the GitHub personal access token, so I can't commit the file.

Can we make the config file to

  1. evaluate environment variables OR
  2. evaluate command (e.g. pass)

adikari avatar Jun 20 '25 02:06 adikari

i believe opencode will load .env files - does that help? typically we try to avoid too much env loading as people always have complex ways they want to load the env

can you ensure the env is loaded before opencode starts? if not we can figure something out

thdxr avatar Jun 20 '25 03:06 thdxr

Actually, I ended up doing it differently which works perfectly for my use case. I added a bash script that uses pass to dynamically load the github token, then use the base script as local tool.

Example for others who run into similar issue

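```bash
#!/bin/bash
# Saved as /home/user/.config/opencode/commands/github
# Fetch the token from pass at launch; stop if pass fails rather than start with an empty token.
GITHUB_PERSONAL_ACCESS_TOKEN=$(pass personal/github_token) || exit 1
export GITHUB_PERSONAL_ACCESS_TOKEN
# -e NAME without a value forwards the exported variable, keeping the token out of docker's argv.
docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN ghcr.io/github/github-mcp-server
```

```json
"mcp": {
    "github": {
        "type": "local",
        "command": ["/home/user/.config/opencode/commands/github"]
    }
}
```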

@thdxr i did not try the .env route. I had the variable loaded in my shell via .zshrc and it did not work. The script solution works fine for my use case, so feel free to close this issue if you don't want to investigate further into environment variables.

adikari avatar Jun 20 '25 05:06 adikari

See also #318 and #342.

aspiers avatar Jun 28 '25 15:06 aspiers

I'm also having the same issue with .zshrc -- I have my .env sourced, with all values printable in my terminal, but they aren't being loaded in opencode:

expected:

```json
"context7": {
      "type": "remote",
      "url": "https://mcp.context7.com/mcp",
      "headers": {
        "CONTEXT7_API_KEY": "{env:CONTEXT7_API_KEY}"
      },
      "enabled": true
},
```

opencode debug config:

```json
"context7": {
      "type": "remote",
      "url": "https://mcp.context7.com/mcp",
      "enabled": true,
      "headers": {
        "CONTEXT7_API_KEY": ""
}
```

the API key is printable in my shell.

caleb-reyes-op avatar Dec 15 '25 20:12 caleb-reyes-op
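
Added example (not part of the thread and not opencode's own code): a preflight check that walks a config shaped like the one quoted above, locates every `{env:NAME}` placeholder, and fails on any variable that is unset or empty in the process environment instead of substituting an empty string. The function names and the sample config are constructed for illustration; only the `{env:NAME}` syntax comes from the thread.

```python
import os
import re

ENV_REF = re.compile(r"\{env:([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed sample, shaped like the remote MCP entry quoted in the thread.
SAMPLE_CONFIG = {"mcp": {"context7": {
    "type": "remote",
    "url": "https://mcp.context7.com/mcp",
    "headers": {"CONTEXT7_API_KEY": "{env:CONTEXT7_API_KEY}"},
    "enabled": True,
}}}


def find_env_refs(node, path=""):
    """Return (json_path, variable_name) for every {env:NAME} in string values."""
    refs = []
    if isinstance(node, dict):
        for key, value in node.items():
            refs += find_env_refs(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            refs += find_env_refs(value, f"{path}[{index}]")
    elif isinstance(node, str):
        refs += [(path, name) for name in ENV_REF.findall(node)]
    return refs


def unresolved_refs(config, env=None):
    """List placeholders whose variable is unset or empty in env (default: os.environ)."""
    env = os.environ if env is None else env
    return [(path, name) for path, name in find_env_refs(config) if not env.get(name)]


def resolve(config, env=None):
    """Return a copy with placeholders substituted; refuse to emit an empty secret."""
    env = os.environ if env is None else env
    missing = unresolved_refs(config, env)
    if missing:
        # Report variable names and locations only, never values.
        raise ValueError(", ".join(f"{name} (at {path})" for path, name in missing))

    def walk(node):
        if isinstance(node, dict):
            return {key: walk(value) for key, value in node.items()}
        if isinstance(node, list):
            return [walk(value) for value in node]
        return ENV_REF.sub(lambda m: env[m.group(1)], node) if isinstance(node, str) else node
    return walk(config)
```

Because `os.environ` holds only what the parent process exported, running `unresolved_refs` from the same shell that launches the tool shows what a child process would actually receive.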