A fast, opinionated CLI for .env file management — diff, audit, encrypt.
cargo install --path .Semantic diff between two env files. Highlights added, removed, and changed
keys. Values for sensitive keys (SECRET, KEY, TOKEN, PASSWORD, etc.)
are always redacted.
Exits 0 if files are identical, 1 if differences are found.
local vs staging:
staging vs production:
Validates an env file against a schema. The schema is a plain-text file with
one required key per line (# comments allowed).
✗ MISSING— required key absent → error⚠ EMPTY— required key present but blank → error⚠ EXTRA— key present but not declared in schema → warning
Exits 0 if no errors (warnings are OK), 1 if any required keys are missing
or empty.
Failing audit (.env.local is missing SENTRY_DSN):
Passing audit (.env.staging satisfies all required keys):
Encrypts an env file with a passphrase using age. Prompts twice on encrypt (confirmation), once on decrypt.
# Produces .env.staging.age — original is kept
envx encrypt examples/.env.staging
# Restores to examples/.env.staging
envx decrypt examples/.env.staging.ageThe original file is never deleted automatically.
| File | Purpose |
|---|---|
examples/.env.local |
Local development defaults |
examples/.env.staging |
Staging environment |
examples/.env.production |
Production environment |
docs/examples/.env.schema |
Schema used in audit examples |
cargo build
cargo clippy -- -D warnings
cargo fmt