Skip to main content

Validate your .env file against .env.example before you deploy.

Project description

dotguard logo

dotguard

Validate your .env file against .env.example before you deploy.

PyPI Python MIT License


The problem

AI-assisted coding is fast. It's also quietly shipping placeholder credentials, empty secrets, and misconfigured environments to production every day.

Your .env file is the last line of defense — and most teams never validate it.

dotguard does.


What it catches

Check Severity
Key in .env.example missing from .env ERROR
Sensitive key with an empty value ERROR
Sensitive key with a placeholder value (e.g. your-key-here) ERROR
.env file tracked or staged in git ERROR
Non-sensitive key with a placeholder value WARNING
Key in .env not documented in .env.example WARNING
Non-sensitive key with an empty value WARNING

Install

pip install dotguard

Usage

dotguard                   # Validate .env against .env.example
dotguard --strict          # Treat warnings as errors (recommended for CI)
dotguard --fail-on errors  # Exit 1 on errors only (default)
dotguard --fail-on warnings # Exit 1 on warnings only
dotguard --fail-on all     # Exit 1 on any issue
dotguard --no-extras       # Treat undocumented keys as errors
dotguard --no-git-check    # Skip git tracking check
dotguard --quiet           # Silent — exit code only
dotguard init              # Generate .env.example from your .env
dotguard init --force      # Overwrite an existing .env.example

Exit codes

Code Meaning
0 All checks passed
1 One or more errors
2 File not found

CI integration

Drop dotguard into your pipeline to catch environment issues before they reach production.

GitHub Actions (reusable workflow)

The easiest way to integrate dotGuard is via the reusable workflow. Add this to your own repo's workflow file:

jobs:
  dotguard:
    uses: Vengeance-us/dotguard/.github/workflows/dotguard.yml@main
    with:
      fail_on: "errors"       # "errors" | "warnings" | "all" (default: "errors")
      env_file: ".env"        # path to your .env file (default: ".env")
      example_file: ".env.example"  # path to your .env.example (default: ".env.example")
      pr_comment: true        # post findings as a PR comment (default: false)

If no .env file is found in the repository, dotGuard skips gracefully and the workflow passes.

GitHub Actions (inline)

Prefer to inline it directly in your own workflow?

- name: Validate environment
  run: |
    pip install dotguard
    dotguard --fail-on errors

Pre-commit hook

# .git/hooks/pre-commit
dotguard --quiet || { echo "dotguard: fix .env errors before committing"; exit 1; }

Getting started

If you don't have a .env.example yet, generate one from your existing .env:

dotguard init

This creates a .env.example with all your keys present but values scrubbed — safe to commit, ready to share with your team.

Then validate any time:

dotguard

License

MIT


Built for developers who ship with confidence.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dotguard-0.4.0.tar.gz (9.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dotguard-0.4.0-py3-none-any.whl (8.3 kB view details)

Uploaded Python 3

File details

Details for the file dotguard-0.4.0.tar.gz.

File metadata

  • Download URL: dotguard-0.4.0.tar.gz
  • Upload date:
  • Size: 9.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dotguard-0.4.0.tar.gz
Algorithm Hash digest
SHA256 eb4d47e9073c8175cc0a4b04ea8ded9ca2beabdcb0410b6f6d8c2b20d92ff7b7
MD5 4626a1dfb62d48162c2266bd13e7f071
BLAKE2b-256 ce14e1f6191e51388a1a46e83d5fe8053528d9fb24cba159ca09aee36c71a45d

See more details on using hashes here.

Provenance

The following attestation bundles were made for dotguard-0.4.0.tar.gz:

Publisher: publish.yml on Vengeance-us/dotguard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file dotguard-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: dotguard-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 8.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for dotguard-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 143172c5d3ca14f622627dbec1a4dcc9121af3eabe11ca9cea0d7b454d3dacc5
MD5 eee62b5a6e142cbbc93bb0007e0dac7c
BLAKE2b-256 d462b236d16a93e6944b0877b45ae24edfe5cd07a18ca87b38ce346b75b54178

See more details on using hashes here.

Provenance

The following attestation bundles were made for dotguard-0.4.0-py3-none-any.whl:

Publisher: publish.yml on Vengeance-us/dotguard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page