Decrypt .env.vault file.
Project description
python-dotenv-vault
Extends the proven & trusted foundation of python-dotenv, with a .env.vault file.
The extended standard lets you sync your .env files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important .env file again.
Installation
pip install python-dotenv-vault
As early as possible in your application bootstrap process, load .env:
from dotenv_vault import load_dotenv
load_dotenv() # take environment variables from .env.
# Code of your application, which uses environment variables (e.g. from `os.environ` or
# `os.getenv`) as if they came from the actual environment.
Usage
.env
Basic usage works just like python-dotenv.
Add your application configuration to your .env file in the root of your project:
S3_BUCKET=YOURS3BUCKET
SECRET_KEY=YOURSECRETKEYGOESHERE
When your application loads, these variables will be available in os.environ or os.getenv:
s3_bucket = os.getenv("S3_BUCKET")
print(s3_bucket)
.env.vault
The .env.vault extends .env. It facilitates syncing your .env file across machines, team members, and environments.
Usage is similar to git. In the same directory as your .env file, run the command:
$ npx dotenv-vault new
Follow those instructions and then run:
$ npx dotenv-vault login
Then run push and pull:
$ npx dotenv-vault push
$ npx dotenv-vault pull
That's it!
You just synced your .env file. Commit your .env.vault file to code, and tell your teammates to run npx dotenv-vault pull.
Multiple Environments
Run the command:
$ npx dotenv-vault open production
It will open up an interface to manage your production environment variables.
Integrate Anywhere™
Build your encrypted .env.vault:
$ npx dotenv-vault build
Safely commit and push your changes:
$ git commit -am "Updated .env.vault"
$ git push
Obtain your DOTENV_KEY:
$ npx dotenv-vault keys
Set DOTENV_KEY on your infrastructure. For example, on Heroku:
$ heroku config:set DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production"
All set! When your app boots, it will recognize a DOTENV_KEY is set, decrypt the .env.vault file, and load the variables to ENV.
Made a change to your production envs? Run npx dotenv-vault build, commit that safely to code, and deploy. It's simple and safe like that.
Dotenv.org
You need a Dotenv Account to use Dotenv Vault. It is free to use with premium features.
Visit health.dotenv.org for more information.
FAQ
What happens if DOTENV_KEY is not set?
Dotenv Vault gracefully falls back to dotenv when DOTENV_KEY is not set. This is the default for development so that you can focus on editing your .env file and save the build command until you are ready to deploy those environment variables changes.
Should I commit my .env file?
No. We strongly recommend against committing your .env file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.
Should I commit my .env.vault file?
Yes. It is safe and recommended to do so. It contains your encrypted envs, and your vault identifier.
Can I share the DOTENV_KEY?
No. It is the key that unlocks your encrypted environment variables. Be very careful who you share this key with. Do not let it leak.
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Changelog
See CHANGELOG.md
License
MIT
Changelog
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
Unreleased
0.4.0
Added
- Added feature to allow custom .env.vault path
0.3.0
Added
- Added backward compatibility python version 3.7+
0.2.0
Added
- Added comma separated capability to
DOTENV_KEY. Add multiple keys to your DOTENV_KEY for use with decryption. Separate with a comma.
0.1.1
Added
- Added support for handling any environment
0.1.0
Added
- Added README and CHANGELOG
0.0.9
Added
- Decrypting .env.vault file when
DOTENV_KEYis set.
0.0.8 and prior
Please see commit history.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for python-dotenv-vault-0.4.1a0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 510530d1e54338f3eb7a44db91b5a0f604cae4496d85d14ad265f3fdd307b732 |
|
| MD5 | cf6af5aae1e9dad73248fbbbcee2b939 |
|
| BLAKE2b-256 | 9b02f596ee19033d13655131f68626aa6c22bb9465734a12dec780aff6851213 |
Hashes for python_dotenv_vault-0.4.1a0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 77146f0a553fbeea39d8b253b03f0ba76786220d9739f5cccaeda783c34931a9 |
|
| MD5 | 8110bb9f3a0d04794c3515b64687d545 |
|
| BLAKE2b-256 | 842dd8c0e0d3278c2c25039fb18c0593ccb09ae5677c43e503ce2bbd01ccc3bc |
