Skip to main content

Git for your .env files - Secure environment variable management with encryption

Project description

Envy 🔐

Git for your .env files - Secure environment variable management with encryption, profiles, and more.

Features

🔒 Security First

  • AES Encryption - All secrets stored encrypted using Fernet (AES-256)
  • System Keyring Integration - Master key stored in OS keychain (Windows Credential Manager, macOS Keychain)
  • Process Injection - envy run injects secrets into memory, never writes to disk
  • Age Encryption - Public key sharing for team collaboration

📁 Profile Management

  • Multiple environments (dev, staging, prod)
  • Easy switching between profiles
  • Copy and diff profiles

🔄 Drift Detection

  • Compare profiles to find missing keys
  • Prevent "works on my machine" errors

Secret Rotation

  • Set expiration dates on secrets
  • Automatic staleness detection
  • Health checks for your secrets

Installation

# Install from PyPI
pip install envy-secrets

PyPI: https://pypi.org/project/envy-secrets/

Development Installation

# Create and activate virtual environment
python -m venv venv
.\venv\Scripts\Activate  # Windows
source venv/bin/activate  # Linux/macOS

# Install in development mode
pip install -e .

Quick Start

# Initialize envy in your project
envy init

# Set some secrets
envy set DATABASE_URL=postgres://localhost/mydb
envy set API_KEY=sk-1234567890 --expires 30d
envy set PORT=3000 --profile prod

# View secrets
envy view
envy view --profile prod --show

# Run your app with secrets injected (RECOMMENDED!)
envy run dev -- node index.js
envy run prod -- python app.py

# Generate .env file (less secure, but sometimes needed)
envy export --output .env.local

# Login to Envy Cloud (for team collaboration)
envy cloud login
envy cloud status  # Check who you're logged in as

Commands

Core Commands

Command Description
envy init Initialize envy in the current directory
envy set KEY=VALUE Set an encrypted environment variable
envy get KEY Get a variable value
envy delete KEY Delete a variable
envy view View all secrets in a profile
envy run <profile> -- <command> Run command with secrets injected
envy export Generate a .env file
envy import Import from a .env file
envy capture Capture current process environment
envy diff <source> <target> Show differences between profiles
envy check Check for expired/stale secrets
envy status Show envy status

Profile Commands

Command Description
envy profile list List all profiles
envy profile create <name> Create a new profile
envy profile delete <name> Delete a profile
envy profile switch <name> Switch active profile
envy profile copy <src> <dst> Copy secrets between profiles

Team Commands

Command Description
envy cloud login Login to Envy Cloud
envy cloud logout Logout from Envy Cloud
envy cloud status Show logged-in user info
envy cloud clone <slug> Clone a project from cloud
envy cloud push Push local secrets to cloud
envy cloud remote Show/set remote project
envy team list List team members from cloud

Security Best Practices

  1. Never commit .envy/master.key - It's automatically added to .gitignore
  2. Use envy run instead of envy export - Secrets stay in memory
  3. Set expiration dates - envy set KEY=value --expires 30d
  4. Run envy check regularly - Find stale and expiring secrets

File Structure

your-project/
├── .envy/
│   ├── master.key      # 🔑 Encryption key (NEVER COMMIT!)
│   └── secrets.json    # 🔒 Encrypted secrets (safe to commit)
├── .gitignore          # Auto-updated to ignore sensitive files
└── ...

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

envy_secrets-0.1.1.tar.gz (19.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

envy_secrets-0.1.1-py3-none-any.whl (21.3 kB view details)

Uploaded Python 3

File details

Details for the file envy_secrets-0.1.1.tar.gz.

File metadata

  • Download URL: envy_secrets-0.1.1.tar.gz
  • Upload date:
  • Size: 19.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.7

File hashes

Hashes for envy_secrets-0.1.1.tar.gz
Algorithm Hash digest
SHA256 90ba56c84361a26ac9f5cbda38c2143bcd12352c4d520c082fe4cc761faaaba2
MD5 26001ba5ad834a42720878573f691101
BLAKE2b-256 eccca7b2887017d778c8f89b45cb4bf0a9f2e4aa9a152ebb5fa7bca6a6260acd

See more details on using hashes here.

File details

Details for the file envy_secrets-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: envy_secrets-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 21.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.7

File hashes

Hashes for envy_secrets-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 c6d970957e28030de466569fd806fd5ca90767d29957b7ac2c8e9f423290ebd9
MD5 bd45360caf35292a109203379481a301
BLAKE2b-256 c4a440cfa1bb38e37bbdb2b6a62a4a02c1e029390bb547203ba1db2f59ded940

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page