CrowEnv — Smart secrets. Like a crow. 🐦⬛ Python loader for the .cenv encrypted secrets standard (AES-256-GCM)
Project description
🐦⬛ CrowEnv — Python
CrowEnv replaces insecure plain .env files with .cenv — AES-256-GCM encrypted secrets safe to commit to Git.
"Crows hide their treasures. Now so can you." 🐦⬛
Install
pip install crowenv
Quick Start
# 1. Initialize .gitignore
crowenv init
# 2. Generate a 256-bit master key (save this in your secrets manager!)
crowenv generate-key
# 🔑 a3f8c901... ← copy and store safely
# 3. Set the key
export CENV_MASTER_KEY="a3f8c901..."
# 4. Encrypt your .env
crowenv encrypt
# ✅ .cenv created (3 secrets, AES-256-GCM)
# 5. Commit .cenv safely
rm .env && git add .cenv && git commit -m "Add encrypted secrets"
Python API
import cenv
import os
# Load .cenv into os.environ (call at app startup)
cenv.load()
# Now use secrets normally
db_password = os.getenv("DB_PASSWORD")
api_key = os.getenv("API_KEY")
CLI Commands
| Command | Description |
|---|---|
crowenv init |
Initialize .gitignore |
crowenv generate-key |
Generate a 256-bit random master key |
crowenv encrypt [file] |
Encrypt .env → .cenv |
crowenv decrypt [file] |
Decrypt .cenv → stdout |
crowenv load [file] |
Load .cenv into process environment |
crowenv verify [file] |
Verify .cenv integrity |
Security
| Property | Value |
|---|---|
| Encryption | AES-256-GCM |
| Key derivation | PBKDF2-HMAC-SHA256 (600,000 iterations) |
| Nonce | 12 bytes, random per encrypt |
| Auth tag | 16 bytes (tamper detection built-in) |
| Dependency | cryptography library |
The .cenv file format is git-safe — commit it openly. The master key stays secret (env var, secrets manager, vault).
The .cenv Format
{
"v": "1.0",
"s": "<base64 16-byte salt>",
"d": "<base64 nonce(12) + auth_tag(16) + ciphertext>"
}
Links
- 🐦⬛ GitHub
- 📋 Full Spec
- 🔐 Security Policy
- 📦 npm (Node.js)
- 🦀 crates.io (Rust)
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file crowenv-1.0.1.tar.gz.
File metadata
- Download URL: crowenv-1.0.1.tar.gz
- Upload date:
- Size: 5.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4088f4752a8c2481c14e9a305bf7f952f4a215b6a0886b4ea53a87d02a47ccbe
|
|
| MD5 |
f8ef96db104e6cf232af2409da4a704c
|
|
| BLAKE2b-256 |
44e98af5df604ce222b2cf250586f7ddd7f1014500a74d98f2024fa1ae3585f3
|
File details
Details for the file crowenv-1.0.1-py3-none-any.whl.
File metadata
- Download URL: crowenv-1.0.1-py3-none-any.whl
- Upload date:
- Size: 5.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74c3601aa2c8e347b65fb3cf13da3cf8b6fece07e6b1f4a325e9e99a28f488c6
|
|
| MD5 |
cb153f3789da8d93a3db7f036ba6fc7d
|
|
| BLAKE2b-256 |
d9fb15e77a12c96c65bdbc284731d5691647e1944691117b6371c9e73d2f139e
|
