CLI tool for managing and syncing .env files across machines and team members
Project description
env-sync
CLI tool for managing and syncing .env files across machines and team members. Encrypts secrets locally, syncs via git or file transfer, diffs between environments, and auto-rotates secrets.
Install
pip install env-sync
Quick Start
# Initialize in your project
env-sync init
# Add variables (auto-detects and encrypts secrets)
env-sync add DATABASE_URL=postgresql://user:pass@host/db
env-sync add NODE_ENV=development
env-sync add API_KEY=sk-abc123def456
# List all variables (secrets masked)
env-sync list
# Get a specific value
env-sync get API_KEY
# Import from existing .env
env-sync import .env
# Export to .env file
env-sync export
# Compare environments
env-sync diff staging prod
# Rotate a secret
env-sync rotate API_KEY
# Share encrypted bundle with team
env-sync share
# Check for secrets in git-staged files
env-sync ci
# Install as pre-commit hook
env-sync ci --install
How It Works
env-sync initcreates.env-sync/with encrypted storage- All variables are encrypted at rest using AES-256-GCM
- Encryption key derived from password + salt via PBKDF2 (600k iterations)
- Secret keys are auto-detected by name patterns (password, token, key, etc.)
- Share creates an encrypted bundle — safe to commit or transfer
- Audit log tracks all access
Security
- AES-256-GCM encryption for all stored secrets
- PBKDF2 key derivation with 600k iterations
- Cryptographically secure random values via
secretsmodule - Secret values are never logged or displayed unmasked
- Pre-commit hook prevents secrets from being committed to git
Secret Detection Patterns
- AWS Access Keys (
AKIA...) - API keys and secrets
- Bearer tokens
- Passwords
- Private keys (RSA, EC, OpenSSH)
- Database connection strings
- Webhook URLs
- JWT tokens
License
MIT © Hiren Thakore
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
dotlocker-0.1.0.tar.gz
(17.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
dotlocker-0.1.0-py3-none-any.whl
(17.0 kB
view details)
File details
Details for the file dotlocker-0.1.0.tar.gz.
File metadata
- Download URL: dotlocker-0.1.0.tar.gz
- Upload date:
- Size: 17.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.28 {"installer":{"name":"uv","version":"0.9.28","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
220612d55320d39b6eadecb08c15611a3789dbc9a7b2fdfd67620d8ec7eea06a
|
|
| MD5 |
fb9560f98e2015cdd2b6ceb4819269ed
|
|
| BLAKE2b-256 |
ffc2fadf150da14aec7877fada2f5461246bd5c8f38cb19a994ed72c73c93136
|
File details
Details for the file dotlocker-0.1.0-py3-none-any.whl.
File metadata
- Download URL: dotlocker-0.1.0-py3-none-any.whl
- Upload date:
- Size: 17.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.28 {"installer":{"name":"uv","version":"0.9.28","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
34ff651e55ee5997c0a65e95cced09ff390d23f1bd614e1dce57b85e2c82799a
|
|
| MD5 |
a2351ad5d03cdf6517b10d4171ae2a57
|
|
| BLAKE2b-256 |
8a4c5560e79e47b378617da5f450d3403eb382c400bba2d032ab7bb5e6d9e86a
|
