mise en place! Et de l’aqua de table, s’il vous plaît !

Still using asdf to manage your project- or home directory-binaries? Or you have nothing else in place than Dockerfiles? – It’s time to put that aside!

mise (pronounced “meez”) started as version manager like asdf and shortly emerged into a “polyglot” tool manager. It aims to be the only tool you need for your dev environment – therefore a “frontend” which you use to initialise a project with. It manages not just binaries, but also language runtimes (Node.js, Python, Ruby), environment variables – or as it’s three pillars state:

• Version manager: Not only replaces asdf, nvm, pyenv but extends it by managing the installation of CLI binaries (like kubectl, terraform, or fzf) across teams and CI/CD environments (like aqua) via declarative TOML configuration.
• Environment Manager: It replaces direnv (loads .env files automatically when you enter a folder). But it also can manage your global CLI tools. It does support fnox (a side-project of the Mise creator jdx), sops and age as backend.
• Task Runner: Replaces make or just (defines project-specific scripts) or or npm scripts (lol)

Mise History

rtx (former name of mise) was built specifically as a faster, Rust-based alternative to asdf. At the time, asdf was the industry standard for polyglot version management but was criticized for being slow (because it was written in Bash) and its shim-system occasionally broke things.

Later in 2023**, the project rebranded from rtx to **mise because a major aerospace company (Raytheon) re branded itself as RTX Corporation in July 2023. To avoid trademark confusion and better reflect its growing scope, the developer (Jeff Dickey) chose mise. Shortly after the name change, mise expanded to replace direnv.

Mise As Version Manager

Mise is another commodity-tool – just like docker – it is versatile and does it’s job pretty well.

It’s now trending in most medium.com articles at the end of the 2025. Itself it wants to be a “frontend for dev-enviroments”.

It also puts an eye on security before pulling insecure binaries from Github or XY. The solution is another tool called aqua which is uses as backend. aqua itself is a declarative CLI version manager written in Go which which primary goal is also to manage the installation of pre-compiled and verified CLI binaries (like kubectl, terraform, or fzf) across teams and CI/CD environments:

• Lazy install aqua doesn’t actually install the tool until the moment you first run the command. It uses “shims” or “proxies” to trigger the download on demand.

• Security-First It has heavy focus on supply chain security, supporting checksum verification, SLSA provenance, and GitHub Artifact Attestations.

• Declarative You define your tools in an aqua.yaml file. When a teammate clones your repo and runs aqua i, they get the exact same tool versions instantly.

Mise as User-Local Package Manager for Binaries

Of course you can use aqua or mise to also manage our personal binaries in your home directory. I recently switched to dotbins for managing my modern shell tools, now hoped onto mise:

$ mise use -g aqua:BurntSushi/ripgrep
mise ~/.config/mise/config.toml tools: aqua:BurntSushi/ripgrep@15.1.0

# Upgrades all tools to the latest versions
$ mise upgrade 

# Upgrades all tools to the latest versions and bumps the version in mise.toml
$ mise upgrade --interactive --bump  --yes

# Just print what would be done, don't actually do it
$ mise upgrade --dry-run

# Also you can get releases directl from HTTP
$ mise use -g http:my-tool[url=https://example.com/releases/my-tool-v1.0.0.tar.gz]@1.0.0
go: downloading github.com/rest-sh/restish v0.21.2
go: downloading golang.org/x/oauth2 v0.34.0
mise ~/.config/mise/config.toml tools: go:github.com/rest-sh/restish@0.21.2

# NOTE Using cargo might required your to remount /tmp as exec for cargo backend
sudo mount -o remount,exec /tmp

# Show me where bins are installed
$ mise bin-paths 
/home/ctang/.local/share/mise/installs/github-wilfred-difftastic/0.67.0
/home/ctang/.local/share/mise/installs/github-byron-dua-cli/2.32.2
/home/ctang/.local/share/mise/installs/github-astral-sh-uv/0.9.21
/home/ctang/.local/share/mise/installs/aqua-docker-compose/5.0.1
/home/ctang/.local/share/mise/installs/go/1.25.5/bin
/home/ctang/.cargo/bin

# Let's use shims
$ mise activate --shims
$ export PATH="/home/ctang/.local/share/mise/shims:$PATH"

# This is needed to active shims within a project
echo 'eval "$(mise activate bash)"' >> ~/.bashrc line to your shell rc file (in this case, for bash)

Secrets with Mise

Mise is very versatile for offering you countless ways for how you want to do secrets. By default it is using fnox, which is a new secrets tool by the same author but it can also use sops or age or your custom tools.

Example for using Vault with MISE

# Access your Vault
export VAULT_ADDR='https://your-vault-url:8200'
export VAULT_TOKEN='your-root-or-app-token'

# Enable the Transit engine (if not already enabled)
vault secrets enable transit

# Create a key specifically for encrypting dev secrets
vault write -f transit/keys/mise-key

# Tell SOPS to use your Vault key for encryption
export SOPS_VAULT_ADDR=$VAULT_ADDR
sops --hc-vault-transit $VAULT_ADDR/v1/transit/keys/mise-key secrets.enc.env

# Setting a env var or staging environment
mise set -E staging NODE_ENV=staging

# Now add your secrets to secrets.enc.env

mise.toml

[env]
# Tell mise to load the encrypted file
# Mise will use your local 'sops' binary to decrypt this on the fly
_.file = "secrets.enc.env"

# Optional: Redact these from 'mise env' output for security
redactions = ["STRIPE_API_KEY", "DB_PASSWORD"]

mise exec -- printenv STRIPE_API_KEY

mise.toml

[tasks.deploy]
description = "Deploy using secrets from Vault/SOPS"
run = "curl -X POST https://api.stripe.com/v1/deploy -u $STRIPE_API_KEY:"

Useful Aliases

alias m=mise
# NOTE mise <jobname> can also work if not collidign with reserved names
alias mr='mise run'  
alias me='$EDITOR mise.toml'