| python-dotenv |
PyPI · GitHub |
Reads key-value pairs from a .env file and sets them as environment variables; compatible load_dotenv / dotenv_values API. |
File-based; Enveloper uses the OS keychain and optional cloud stores (AWS SSM, GitHub), with a dotenv-compatible SDK on top. |
| python-decouple |
PyPI · GitHub |
Keeps config out of code; reads from .ini or .env with type casting and defaults. |
File-based config; Enveloper stores secrets in the keychain and syncs to cloud, with import/export from dotenv/JSON/YAML. |
| environs |
PyPI · GitHub |
Parses and validates environment variables (including from .env) with type casting and validation. |
Focus on env parsing and validation; Enveloper focuses on where secrets live (keychain + cloud) and a CLI for sync. |
| dynaconf |
PyPI · GitHub |
Multi-source config (env, TOML/YAML/JSON, Vault, Redis) with profiles and validation. |
Broad config management; Enveloper is keychain-first with a .env-style workflow and push/pull to AWS SSM and GitHub. |
| keyring |
PyPI · GitHub |
Cross-platform Python API for the system keychain (macOS Keychain, Linux Secret Service, Windows Credential Locker). |
Low-level credential storage; Enveloper uses Keyring under the hood and adds project/domain, CLI, dotenv SDK, and cloud sync. |
| python-dotenv-vault |
PyPI · GitHub |
Loads encrypted .env.vault files (decrypt at runtime with a key); safe to commit the vault. |
Encrypted files in repo; Enveloper keeps secrets in the OS keychain and optionally pushes to SSM/GitHub, no committed secrets. |
| Doppler (doppler-sdk) |
PyPI · GitHub |
Hosted secrets manager; SDK and CLI inject config into env or fetch at runtime. |
SaaS-centric; Enveloper is local-first (keychain) with optional push/pull to AWS and GitHub, no required service. |
| 1Password (onepassword-sdk) |
PyPI · GitHub |
Official SDK to read secrets from 1Password vaults (e.g., with service accounts). |
1Password as source of truth; Enveloper uses the OS keychain and optional cloud stores, with a dotenv-style API. |
| pydantic-settings |
PyPI · GitHub |
Pydantic-based settings from env vars and .env with validation and type hints. |
Settings from env/files with validation; Enveloper is about storing and syncing secrets (keychain + cloud) and exposing them via a dotenv-like API. |
| SOPS |
GitHub · getsops.io |
Encrypted editor for secrets in YAML, JSON, ENV, INI; values encrypted (e.g., AWS KMS, GCP KMS, age, PGP). Safe to commit encrypted files. |
CLI/binary (Go); encrypts files in repo. Enveloper uses the OS keychain and optional cloud push/pull, with no committed secret files. |
| dotenv (Node.js) |
npm · GitHub |
Loads .env into process.env; zero-dependency, TypeScript declarations. Node counterpart to python-dotenv. |
File-based; Enveloper uses the keychain and optional cloud stores with a dotenv-compatible Python API. |
| dotenv-vault (Node.js) |
npm · Dotenv |
Encrypted .env.vault for Node; decrypt at runtime with DOTENV_KEY. Sync and manage envs via Dotenv services. |
Encrypted files + optional cloud sync; Enveloper is keychain-first, local, with optional push/pull to AWS SSM and GitHub. |
| dotenvx |
dotenvx.com · GitHub |
Encrypted .env from the creator of dotenv; ECIES/AES-256, public key in repo and private key elsewhere. Drop-in for dotenv, run anywhere, multi-environment. |
Encrypted .env files in repo; Enveloper uses the OS keychain and optional push/pull to AWS SSM and GitHub, no committed secret files. |
| varlock |
varlock.dev · GitHub |
Schema-driven .env (.env.schema with validation, types, redaction). Drop-in for dotenv; plugins (e.g., 1Password); varlock run for any language. |
Validation and schema in files; Enveloper is keychain-first with a dotenv-style API and push/pull to a number of cloud-providers and GitHub. |
| fnox |
GitHub · fnox.jdx.dev |
Encrypted or remote secret manager (Rust). Secrets in git (age, KMS) or in cloud (AWS SM/PS, 1Password, Vault, etc.); fnox.toml, fnox exec, shell integration. |
Multi-provider config and encrypted-in-repo; Enveloper is keychain-first with a dotenv-style Python API and push/pull to cloud-providers and GitHub. |
| latchkey |
GitHub |
CLI that injects API credentials into curl requests for known services (Slack, GitHub, etc.). Store via latchkey auth set or browser; agents use latchkey curl. |
Per-service auth for API calls; Enveloper is keychain-backed .env with push/pull to cloud-providers and GitHub and a dotenv-style SDK. |
| envio |
GitHub |
Secure CLI for env vars (Rust). Encrypted profiles; load into terminal or run programs with them. Import/export. |
Encrypted local profiles; Enveloper uses OS keychain and optional cloud sync with dotenv-compatible API. |
| enveil |
GitHub |
Hide .env from AI tools (Rust). .env holds ev:// refs; real values in local encrypted store, injected at runtime. enveil run -- npm start. |
Local encrypted store, no plaintext on disk; Enveloper uses OS keychain and optional cloud push/pull. |