Hako
How-to Guides

How to Manage Secrets

Control how sensitive files are handled in worktrees.

By default, hako new copies .env* files (except .env.local and .env.hako), .npmrc, .nvmrc, .node-version, and .tool-versions from the repo root to each worktree. Adding a secrets: section to hako.yml disables this default and gives you explicit control.

Assumptions

You have a working hako setup and want to control which files are copied, templated, or symlinked into worktrees.

Copy Files

Copy files from the repo root to the worktree:

secrets:
  copy:
    - .env.local
    - config/credentials.json

Parent directories are created if needed. Missing source files produce a non-fatal warning.

Template Files

Render files with variable substitution:

secrets:
  template:
    - source: .env.template
      target: .env.local

Available template variables: {{repo}}, {{branch}}, {{branch_slug}}, {{worktree_path}}, {{port_base}}. Shell-style ${VAR} patterns are preserved (not expanded).

Missing source files produce an error.

Create symbolic links to repo root files:

secrets:
  symlink:
    - .npmrc
    - .docker/config.json

Missing source files produce a non-fatal warning.

Combining Mechanisms

secrets:
  copy:
    - .env
    - .env.development
  template:
    - source: .env.template
      target: .env.local
  symlink:
    - .npmrc

For the full list of template variables, see the configuration reference.

How to Configure Lifecycle Hooks

Automate tasks at lifecycle events with hako hooks.

How to Set Up Shell Integration

Enable hako cd and hako env apply in your shell.

ops.origin: Masakiro Corp.

On this page

AssumptionsCopy FilesTemplate FilesSymlink FilesCombining Mechanisms