Manage environment secrets via your system keychain or cloud secret stores. Don't leave exposed .env files laying about your filesystem.
pip install enveloper # CLI only
pip install enveloper[sdk] # CLI + SDK (load_dotenv / dotenv_values)
pip install enveloper[all] # CLI + SDK + all cloud backends# Sample .env file
# Import an existing .env file into the keychain
enveloper import sample.env --domain dev
# List what's stored
enveloper list
# Load local environment settings from keychain
eval "$(enveloper --domain dev export --format unix)"
# Values are loaded into local environment variables.
# Use in Makefile, shell scripts, etc.
# 'unix' format works for Linux, Mac, and Windows WSL.
# For Windows Powershell, use 'win' as format.
# When done, you can use 'unexport' command to remove the set of env variables
eval "$(enveloper --domain dev unexport --format unix)"
# Push to AWS SSM - assume AWS_EXPORT is set or default is configured
enveloper --service aws --domain dev push
# Verify that they got pushed in AWS console for System Store > Parameters
enveloper --service aws list --domain dev
# Pull from AWS SSM into local keychain
enveloper --service aws --domain dev pull
# Clear environment settings
enveloper --domain dev clear
- Backward compatible with
.envfiles. - Store values in local keychains (Mac, Linux, Windows), or cloud service secret stores (see below).
- Work with individual environment variables or sets.
- Versioning of environment values using Semantic Versioning.
- Use in build chains (Make, Gradle, etc.) or CI/CD, including Github Actions.
- Support for hierarchical settings via domain and project sets.
| Backend | Description |
|---|---|
| Local Keychain | MacOS Keychain, Linux Secret Service, Windows Credential Locker |
| File | Plain .env files |
| AWS SSM | AWS Systems Manager Parameter Store |
| GitHub | GitHub Actions secrets |
| Vault | HashiCorp Vault KV v2 |
| GCP | Google Cloud Secret Manager |
| Azure | Azure Key Vault |
| Alibaba | Alibaba Cloud KMS Secrets Manager |
- Step-by-Step Tutorial - From sample.env to keychain, builds, and cloud
- CLI Reference - All commands and options
- Technical Details - Architecture and internals
- Local Keychain - OS keychain setup and usage
- Cloud Storage - Cloud service configuration
- Versioning - Semantic versioning for secrets
- JSON/YAML - Import/export in JSON and YAML formats
- SDK - Python SDK for
load_dotenv/dotenv_values - Project Config -
.enveloper.tomlconfiguration - Config/Env Overrides - Priority order for settings
- Service Backend - Backend selection and configuration
- CI/CD Integration - GitHub Actions, CodeBuild, GitLab CI
- Makefile Integration - Build system integration
- Other Projects - Comparison with similar tools
- Development - Contributing and development
- Adding Stores - Creating custom store plugins
- Publishing - Publishing to PyPI
- Security - Secure data storage and access control
- Disclosures - Disclosures and confessions
- License - AGPL-3.0-or-later
