Encrypted environment variable vault with AI access policies, keeping secrets safe from AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for fentz26 from gravatar.com fentz26

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (SAL-1.0)
  • Author: fentz26
  • Tags mcp , environment-variables , secrets , security , ai , claude , model-context-protocol
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

EnvCP Python Binding

Native Python binding for EnvCP - an encrypted environment variable vault with AI access policies. Built on Rust + PyO3 for zero-dependency native performance.

Installation

pip install envcp-core

Or with pipx:

pipx install envcp-core

Usage

from envcp import encrypt, decrypt, StorageManager

# Crypto operations
ciphertext = encrypt("my-secret-value", "my-password")
plaintext = decrypt(ciphertext, "my-password")

# StorageManager for encrypted vault files
sm = StorageManager("~/.envcp/vault.json", encrypted=True)
sm.set_password("my-password")

# Load, get, set, delete, list
vault_json = sm.load()
sm.set("API_KEY", '{"value":"secret","protected":false}')
sm.get("API_KEY")
sm.list()
sm.delete("API_KEY")

API Reference

Crypto Functions

Function Description
encrypt(plaintext, password) -> str AES-256-GCM encrypt with Argon2id
decrypt(ciphertext, password) -> str Decrypt v1 (PBKDF2) or v2 (Argon2id)
hash_password(password) -> str Argon2id password hash
verify_password(password, hash) -> bool Verify password hash
generate_recovery_key() -> str Generate 32-byte recovery key
create_recovery_data(password, key) -> str Create encrypted recovery blob
recover_password(data, key) -> str Recover password from recovery data
hmac_sign(key, data) -> str HMAC-SHA256 signature
hmac_verify(key, data, expected) -> bool Timing-safe HMAC verification
generate_id() -> str Random ID
generate_session_token() -> str Session token

StorageManager Class

Method Description
StorageManager(path, encrypted=True) Create manager for vault at path
set_password(password) Set encryption password
invalidate_cache() Clear in-memory cache
exists() -> bool Check if vault file exists
load() -> str Load full vault as JSON string
get(name) -> Optional[str] Get single variable as JSON
set(name, var_json) Set variable (var_json is JSON string)
delete(name) -> bool Delete variable, returns True if existed
list() -> List[str] List all variable names

Requirements

  • Python 3.9+
  • No Node.js dependency (native Rust binding)

Building from Source

git clone https://github.com/fentz26/EnvCP
cd EnvCP
cargo build --release -p envcp-python

For wheel distribution:

pip install maturin
cd crates/envcp-python
maturin build --release

Links

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for fentz26 from gravatar.com fentz26

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (SAL-1.0)
  • Author: fentz26
  • Tags mcp , environment-variables , secrets , security , ai , claude , model-context-protocol
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

This version

1.2.0

1.0.92

1.0.83

1.0.83rc0 pre-release

1.0.83b0 pre-release

1.0.9

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

envcp-1.2.0.tar.gz (3.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

envcp-1.2.0-py3-none-any.whl (3.6 kB view details)

Uploaded Python 3

File details

Details for the file envcp-1.2.0.tar.gz.

File metadata

  • Download URL: envcp-1.2.0.tar.gz
  • Upload date:
  • Size: 3.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for envcp-1.2.0.tar.gz
Algorithm Hash digest
SHA256 d162b32616574bde30179d4cfe4e8b1e1fe2892008edbc9894dd048be35163f5
MD5 00f28b44234cc56ef22d942e0ae608eb
BLAKE2b-256 1085c96db4cfd3429e415efb00a69cb2e94bd526c75ed41bda3f10a136a20f7c

See more details on using hashes here.

Provenance

The following attestation bundles were made for envcp-1.2.0.tar.gz:

Publisher: publish.yml on fentz26/EnvCP

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file envcp-1.2.0-py3-none-any.whl.

File metadata

  • Download URL: envcp-1.2.0-py3-none-any.whl
  • Upload date:
  • Size: 3.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for envcp-1.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8746869f726ba3fd6fc9af834248d900eaf863cedf8e55964f167e655804408c
MD5 ab5f23378ea490fe478c68744151cae3
BLAKE2b-256 f70aa1690c3425f6c117a6982d3efd78626bd4673c60ad23e921aa2c3c2a9110

See more details on using hashes here.

Provenance

The following attestation bundles were made for envcp-1.2.0-py3-none-any.whl:

Publisher: publish.yml on fentz26/EnvCP

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page