Skip to content

enveloper

Envelope Services

Manage environment secrets via your system keychain or cloud secret stores. Don't leave exposed .env files laying about your filesystem.

Installation

pip install enveloper            # CLI only
pip install enveloper[sdk]       # CLI + SDK (load_dotenv / dotenv_values)
pip install enveloper[all]       # CLI + SDK + all cloud backends

Quick Start

# Import an existing .env file into the keychain
enveloper import sample.env --domain prod

# List what's stored
enveloper list

# Export for a build
eval "$(enveloper --domain prod export --format unix)"

# Unexport to remove the set of env variables after a build
eval "$(enveloper --domain prod unexport --format unix)"

# Push to AWS SSM
enveloper --service aws --domain prod push

# Pull from AWS SSM
enveloper --service aws --domain prod pull

Features

  • Backward compatible with .env files
  • Store values in local keychains (Mac, Linux, Windows), or cloud service secret stores (see below)
  • Versioning
  • Use in CI/CD, including Github Actions.
  • Support for hierarchical settings via domain and project sets.

Supported Backends

Backend Description
Local Keychain macOS Keychain, Linux Secret Service, Windows Credential Locker
File Plain .env files
AWS SSM AWS Systems Manager Parameter Store
GitHub GitHub Actions secrets
Vault HashiCorp Vault KV v2
GCP Google Cloud Secret Manager
Azure Azure Key Vault
Alibaba Alibaba Cloud KMS Secrets Manager

Documentation

License

GNU AGPL v3.0 or later