Powerful helper utility to create shell alias commands to easily set collections of environment variables often with secret values from a variety of data-sources and data-formats.
Project description
Env Alias
Env Alias is an environment variable swiss-army-knife that enables loading complex collections of environment variables from a variety of sources only when you require them, thus reducing risks in working with sensitive environment values.
A variety of data-formats are supported including JSON, YAML, Keepass, Ansible Vault, Plaintext and Ini-config where these formats can be sourced from the local-filesystem, http-remote or generated through shell-command exec output.
For example setting an Ansible-vault password file and loading AWS access credentials from values stored in a git project based Keepass file:
env-alias:
MYPROJECT_KEEPASS_FILE:
name: null # prevents this value being assigned into env
exec: 'echo "$(git rev-parse --show-toplevel)/secrets/myproject-keepass.kdbx"'
MYPROJECT_KEEPASS_PASSPHRASE:
source: "<getpass>" # obtain value from user-input using getpass method
override: false # if this env-value exists then skip setting again
MYPROJECT_ANSIBLE_VAULT_PASSWORD:
name: null # prevents this value being assigned into env
source: "env:MYPROJECT_KEEPASS_FILE"
selector: "myproject-name/ansible-vault-entry-name:Password" # select an item from Keepass file
keepass_password: "env:MYPROJECT_KEEPASS_PASSPHRASE"
ANSIBLE_VAULT_PASSWORD_FILE:
ansible_vault_password: "env:MYPROJECT_ANSIBLE_VAULT_PASSWORD" # NB: see docs how this gets managed
ansible_vault_password_file: true # invoke special helper that renders an Ansible Vault password file
AWS_SECRET_ACCESS_KEY:
source: "env:MYPROJECT_KEEPASS_FILE"
selector: "myproject-name/aws-entry-name:Password"
keepass_password: "env:MYPROJECT_KEEPASS_PASSPHRASE"
AWS_ACCESS_KEY_ID:
source: "env:MYPROJECT_KEEPASS_FILE"
selector: "myproject-name/aws-entry-name:Username"
keepass_password: "env:MYPROJECT_KEEPASS_PASSPHRASE"
The above example sets the environment variable MYPROJECT_KEEPASS_PASSPHRASE with user input using
the getpass Python module only if not already set (override=false). This environment value is then
used as the keepass passphrase to open a Keepass file where values are then selected and exported
into the shell environment.
Substantially more complex env-alias definitions can be created.
By naming your env-aliases with an easy to remember prefix such as env- it is also possible to
leverage shell tab-completion thus making it easier to find the env-alias definitions created
for your project or other use-case situation.
Features
Env Alias is enormously useful in working with large sets of environment variables from remote, encrypted or otherwise secured data-sources.
- Data sources: local-files, http-remote and stdout from an exec command-line.
- Source formats supported: JSON, YAML, Keepass, Ansible Vault, Plaintext and Ini-config.
- Select values using jq style selectors, xpath style selectors or line-numbers.
- 💥 Additional special handling for Ansible Vault Password Files that makes credential handling for Ansible Vault files substantially easier with reduced exposure risks. 💥
- Self reference environment values in the definition file or from the existing system environment.
- Define variables with a
nullname to prevent them being exported into the system environment while still being available for self-reference within the env-alias definition; this is helpful when working with sensitive values that should not be available through the system environment. - Ability to use
execcommands to setup other project prerequisites or other project start conditions. - Debug mode output to STDERR.
- Easy installation from PyPI.
- Plenty of documentation and examples - https://env-alias.readthedocs.io
Installation
Pip or pipx should be fine, we prefer pipx these days.
pipx install env-alias
Usage
This tool is typically invoked using an entry in .bash_aliases with an entry of the form:-
source <(env-alias ~/projects/awesome/env-awesome-vars.yml)
This simple .bash_aliases one-line entry creates the alias env-awesome-project by inferring the
alias-name from the filename, where this alias then invokes env-alias to set environment values
defined in env-awesome-project.yml
Alternatively, you might want to create the alias awesome-envvars which you could do as per -
source <(env-alias awesome-envvars ~/projects/awesome/env-awesome-vars.yml)
Project
- Github - github.com/ndejong/env-alias
- PyPI - pypi.python.org/pypi/env-alias
- ReadTheDocs - env-alias.readthedocs.io
Copyright © (2020-2024) Nicholas de Jong
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file env_alias-0.5.3.tar.gz.
File metadata
- Download URL: env_alias-0.5.3.tar.gz
- Upload date:
- Size: 14.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | aebc06eef3c3832aea7116282dcbaf26a6c966aabe765441849b7e3e171346e4 |
|
| MD5 | 6687798dfdb65ee5a10f935cb094d101 |
|
| BLAKE2b-256 | d50cd1e1f3cc70441ea50d401fc8a7da01feafc91fed7ee0883d6d10d87e6037 |
File details
Details for the file env_alias-0.5.3-py3-none-any.whl.
File metadata
- Download URL: env_alias-0.5.3-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f76bbeb44bcf88d01e2d4344030151a70dba297a47d7e569096644358a5fc291 |
|
| MD5 | 6b4ce9d1729b5ce6b285ffd5a09b920b |
|
| BLAKE2b-256 | 362816b31f198f2892e3d04a317230e05b95a172d10f889da9311cce96b9cfcd |
