enveloper¶
Manage environment secrets via your system keychain or cloud secret stores. Don't leave exposed .env files laying about your filesystem.
Installation¶
pip install enveloper # CLI only
pip install enveloper[sdk] # CLI + SDK (load_dotenv / dotenv_values)
pip install enveloper[all] # CLI + SDK + all cloud backends
Quick Start¶
# Import an existing .env file into the keychain
enveloper import sample.env --domain prod
# List what's stored
enveloper list
# Export for a build
eval "$(enveloper --domain prod export --format unix)"
# Unexport to remove the set of env variables after a build
eval "$(enveloper --domain prod unexport --format unix)"
# Push to AWS SSM
enveloper --service aws --domain prod push
# Pull from AWS SSM
enveloper --service aws --domain prod pull
Features¶
- Backward compatible with
.envfiles - Store values in local keychains (Mac, Linux, Windows), or cloud service secret stores (see below)
- Versioning
- Use in CI/CD, including Github Actions.
- Support for hierarchical settings via domain and project sets.
Supported Backends¶
| Backend | Description |
|---|---|
| Local Keychain | macOS Keychain, Linux Secret Service, Windows Credential Locker |
| File | Plain .env files |
| AWS SSM | AWS Systems Manager Parameter Store |
| GitHub | GitHub Actions secrets |
| Vault | HashiCorp Vault KV v2 |
| GCP | Google Cloud Secret Manager |
| Azure | Azure Key Vault |
| Alibaba | Alibaba Cloud KMS Secrets Manager |
Documentation¶
- Step-by-Step Tutorial - From sample.env to keychain, builds, and cloud
- CLI Reference - All commands and options
- Technical Details - Architecture and internals
- Local Keychain - OS keychain setup and usage
- Cloud Storage - Cloud service configuration
- Versioning - Semantic versioning for secrets
- JSON/YAML - Import/export in JSON and YAML formats
- SDK - Python SDK for
load_dotenv/dotenv_values - Project Config -
.enveloper.tomlconfiguration - Config/Env Overrides - Priority order for settings
- Service Backend - Backend selection and configuration
- CI/CD Integration - GitHub Actions, CodeBuild, GitLab CI
- Makefile Integration - Build system integration
- Other Projects - Comparison with similar tools
- Development - Contributing and development
- Adding Stores - Creating custom store plugins
- Publishing - Publishing to PyPI
- Security - Secure data storage and access control
- Disclosures - Disclosures and confessions
- License - AGPL-3.0-or-later