Loading...
Loading...
This skill should be used when users want to migrate from .env files to fnox with 1Password (or another secret provider). It covers installing fnox, creating 1Password items, configuring fnox.toml, and integrating with mise. Use when users mention ".env migration", "fnox setup", "1password secrets", or want to improve their secret management workflow.
npx skill4agent add nateberkopec/dotfiles env-to-fnox.envop --versionop vault listmise --version.envcat .envmise use fnoxmise.toml[tools]
fnox = "latest"mise exec -- fnox init
mise exec -- fnox provider add op 1passwordop item create \
--category="API Credential" \
--title="project-name" \
--vault="Private" \
'Field Name[text]=value' \
'Secret Field[password]=secret-value'[text][password]op item create \
--category="API Credential" \
--title="myproject" \
--vault="Private" \
'AWS Access Key ID[text]=AKIA...' \
'AWS Secret Access Key[password]=...' \
'Database URL[password]=postgres://...' \
'API Token[password]=...'fnox.toml[providers.op]
type = "1password"
vault = "Private"
[secrets]
# Format: ENV_VAR = { provider = "op", value = "item-title/Field Name" }
AWS_ACCESS_KEY_ID = { provider = "op", value = "myproject/AWS Access Key ID" }
AWS_SECRET_ACCESS_KEY = { provider = "op", value = "myproject/AWS Secret Access Key" }
DATABASE_URL = { provider = "op", value = "myproject/Database URL" }
# Non-secret defaults don't need 1Password
AWS_DEFAULT_REGION = { default = "us-east-1" }mise.toml.env[tools]
fnox = "latest"
# ... other tools
[env]
_.source = "fnox export".env- _.file = ".env"
+ _.source = "fnox export"# List configured secrets
mise exec -- fnox list
# Verify a secret can be retrieved
mise exec -- fnox get AWS_ACCESS_KEY_ID
# Test full environment
mise exec -- printenv | grep AWS_.envrm .envfnox.tomlgit add fnox.toml mise.toml
git commit -m "Migrate secrets from .env to fnox + 1Password"# 1Password
[providers.op]
type = "1password"
vault = "Private"
# account = "my.1password.com" # Optional: specify account
# Age encryption (for git-stored encrypted secrets)
[providers.age]
type = "age"
recipients = ["age1..."]
# AWS Secrets Manager
[providers.aws]
type = "aws-sm"
region = "us-east-1"
prefix = "myapp/"[secrets]
# 1Password: item-title/field-name
SECRET = { provider = "op", value = "myproject/Secret Field" }
# 1Password: full op:// URI
SECRET = { provider = "op", value = "op://Vault/Item/Field" }
# Default value (no provider needed)
REGION = { default = "us-east-1" }
# Age-encrypted value
SECRET = { provider = "age", value = "YWdlLWVu..." }[providers.op]
type = "1password"
vault = "Development"
[secrets]
DATABASE_URL = { provider = "op", value = "dev-db/url" }
[profiles.production.providers.op]
vault = "Production"
[profiles.production.secrets]
DATABASE_URL = { provider = "op", value = "prod-db/url" }FNOX_PROFILE=production fnox exportfnox initfnox.tomlop signinmise trustmise exec -- fnox