Bug Fixes
- ci: gate vscode publish on env, not secrets, in step if (#400) (eca1a72)
- ci: test env + vault image + fail-closed checksums + SHA pins + key cleanup (#331,#332,#334,#365,#374,#348) (#394) (8a54859)
- parser: export prefix + inline comments + vault quote convergence + init guard (#351,#357,#356,#372) (#385) (6fa155e)
- partial-encryption: ciphertext-anchored is_file_encrypted + companion/utf-8 (#352,#358,#371) (#378) (22431e4)
- scanner: native-scanner false-positive/negative correctness (#354,#355,#368,#369,#370) (#377) (eec72e2)
- scanner: report all secrets per line via finditer (#406) (883fdb7)
- scanner: structure-aware encryption detection in native scanner (#404) (f61d930)
- security: redact secret previews in sync output + enforce GCP project boundary (#348) (#393) (13aab54)
- sops: anchor metadata markers + correct exec-env invocation (#324, #329) (#350) (b724cdf)
- sync: atomic_write via mkstemp to block predictable-tmp symlink (#405) (3e9e40d)
- sync: lock --check read-only + vault push --all correctness (#303,#318,#325,#347) (#376) (5d550a5)
- sync: skip lone mismatched .env.<env> in auto-detect (#407) (906d438)
- sync: validate DOTENV_PRIVATE_KEY env suffix on vault pull (#403) (d502f5d)
- vault auth-state + config correctness (#304/#305/#308/#313/#326-328) (#340) (721f10e)
Documentation
PyPI: https://pypi.org/project/envdrift/10.13.7/
