Metadata-Version: 2.4
Name: envy-secrets
Version: 2.0.1
Summary: Git for your .env files - Secure environment variable management with encryption
Project-URL: Homepage, https://github.com/KRISHNA-JAIN15/ENVY
Project-URL: Documentation, https://github.com/KRISHNA-JAIN15/ENVY#readme
Project-URL: Repository, https://github.com/KRISHNA-JAIN15/ENVY
Project-URL: Issues, https://github.com/KRISHNA-JAIN15/ENVY/issues
Author-email: Krishna Jain <krishnajain1502@gmail.com>
License-Expression: MIT
License-File: LICENSE
Keywords: cli,devops,dotenv,encryption,env,environment,secrets,security
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Utilities
Requires-Python: >=3.10
Requires-Dist: argon2-cffi<24.0.0,>=23.1.0
Requires-Dist: cryptography<43.0.0,>=41.0.0
Requires-Dist: keyring<26.0.0,>=24.0.0
Requires-Dist: pyyaml<7.0.0,>=6.0.0
Requires-Dist: requests<3.0.0,>=2.28.0
Requires-Dist: rich<14.0.0,>=13.0.0
Requires-Dist: typer[all]<1.0.0,>=0.9.0
Provides-Extra: dev
Requires-Dist: black>=23.0.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.0.0; extra == 'dev'
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Description-Content-Type: text/markdown

<div align="center">

# 🔐 Envy

**Git for your .env files** - Secure environment variable management with encryption, profiles, and team collaboration

[![PyPI version](https://badge.fury.io/py/envy-secrets.svg)](https://pypi.org/project/envy-secrets/)
[![Python Version](https://img.shields.io/pypi/pyversions/envy-secrets.svg)](https://pypi.org/project/envy-secrets/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Downloads](https://pepy.tech/badge/envy-secrets)](https://pepy.tech/project/envy-secrets)

[Installation](#installation) • [Quick Start](#quick-start) • [Documentation](#commands) • [Cloud Sync](#team-commands) • [Contributing](#contributing)

</div>

---

## 📋 Table of Contents

- [Features](#features)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Commands](#commands)
  - [Core Commands](#core-commands)
  - [Profile Commands](#profile-commands)
  - [Team Commands](#team-commands)
- [Use Cases](#use-cases)
- [Security Best Practices](#security-best-practices)
- [File Structure](#file-structure)
- [FAQ](#faq)
- [Contributing](#contributing)
- [Roadmap](#roadmap)
- [License](#license)

## Features

### 🔒 **Security First**

- **AES Encryption** - All secrets stored encrypted using Fernet (AES-256)
- **System Keyring Integration** - Master key stored in OS keychain (Windows Credential Manager, macOS Keychain)
- **Process Injection** - `envy run` injects secrets into memory, never writes to disk
- **Age Encryption** - Public key sharing for team collaboration

### 📁 **Profile Management**

- Multiple environments (dev, staging, prod)
- Easy switching between profiles
- Copy and diff profiles

### 🔄 **Drift Detection**

- Compare profiles to find missing keys
- Prevent "works on my machine" errors

### ⏰ **Secret Rotation**

- Set expiration dates on secrets
- Automatic staleness detection
- Health checks for your secrets

## Installation

```bash
# Install from PyPI
pip install envy-secrets
```

**PyPI:** https://pypi.org/project/envy-secrets/

### Development Installation

```bash
# Create and activate virtual environment
python -m venv venv
.\venv\Scripts\Activate  # Windows
source venv/bin/activate  # Linux/macOS

# Install in development mode
pip install -e .
```

## Quick Start

```bash
# Initialize envy in your project
envy init

# Set some secrets
envy set DATABASE_URL=postgres://localhost/mydb
envy set API_KEY=sk-1234567890 --expires 30d
envy set PORT=3000 --profile prod

# View secrets
envy view
envy view --profile prod --show

# Run your app with secrets injected (RECOMMENDED!)
envy run dev -- node index.js
envy run prod -- python app.py

# Generate .env file (less secure, but sometimes needed)
envy export --output .env.local

# Login to Envy Cloud (for team collaboration)
envy cloud login
envy cloud status  # Check who you're logged in as
```

## Commands

### Core Commands

| Command | Description |
|---------|-------------|
| `envy init` | Initialize envy in the current directory |
| `envy set KEY=VALUE` | Set an encrypted environment variable |
| `envy get KEY` | Get a variable value |
| `envy delete KEY` | Delete a variable |
| `envy view` | View all secrets in a profile |
| `envy run <profile> -- <command>` | Run command with secrets injected |
| `envy export` | Generate a .env file |
| `envy import` | Import from a .env file |
| `envy capture` | Capture current process environment |
| `envy diff <source> <target>` | Show differences between profiles |
| `envy check` | Check for expired/stale secrets |
| `envy status` | Show envy status |

### Profile Commands

| Command | Description |
|---------|-------------|
| `envy profile list` | List all profiles |
| `envy profile create <name>` | Create a new profile |
| `envy profile delete <name>` | Delete a profile |
| `envy profile switch <name>` | Switch active profile |
| `envy profile copy <src> <dst>` | Copy secrets between profiles |

### Team Commands

| Command | Description |
|---------|-------------|
| `envy cloud login` | Login to Envy Cloud |
| `envy cloud logout` | Logout from Envy Cloud |
| `envy cloud status` | Show logged-in user info |
| `envy cloud clone <slug>` | Clone a project from cloud |
| `envy cloud push` | Push local secrets to cloud |
| `envy cloud remote` | Show/set remote project |
| `envy cloud remote add <project-slug>` | Set a remote project |
| `envy team list` | List team members from cloud |

## 💡 Use Cases

### Local Development
```bash
# Developer A sets up the project
envy init
envy set DATABASE_URL=postgres://localhost/dev
envy set API_KEY=dev-key-123
envy run dev -- npm start

# Developer B clones and gets secrets
git clone repo
envy cloud login
envy cloud clone myproject development
envy run dev -- npm start
```

### Multiple Environments
```bash
# Create separate profiles for each environment
envy profile create staging
envy profile create prod

# Set environment-specific secrets
envy set DATABASE_URL=postgres://dev-db --profile dev
envy set DATABASE_URL=postgres://staging-db --profile staging
envy set DATABASE_URL=postgres://prod-db --profile prod

# Run in different environments
envy run dev -- python app.py
envy run staging -- python app.py
envy run prod -- python app.py
```

### CI/CD Integration
```bash
# In your CI/CD pipeline
pip install envy-secrets
envy cloud login --token $ENVY_TOKEN
envy cloud clone myproject production
envy export --output .env
# Run your build/deploy commands
```

### Secret Rotation
```bash
# Set secrets with expiration
envy set API_KEY=old-key-123 --expires 30d

# Check for expiring secrets
envy check

# Rotate the secret
envy set API_KEY=new-key-456 --expires 30d
```

## Security Best Practices

1. **Never commit `.envy/master.key`** - It's automatically added to `.gitignore`
2. **Use `envy run` instead of `envy export`** - Secrets stay in memory
3. **Set expiration dates** - `envy set KEY=value --expires 30d`
4. **Run `envy check` regularly** - Find stale and expiring secrets

## File Structure

```
your-project/
├── .envy/
│   ├── master.key      # 🔑 Encryption key (NEVER COMMIT!)
│   └── secrets.json    # 🔒 Encrypted secrets (safe to commit)
├── .gitignore          # Auto-updated to ignore sensitive files
└── ...
```

## ❓ FAQ

### How is this different from dotenv?

Envy encrypts your secrets and stores them securely, while dotenv just loads plain-text `.env` files. Envy also supports:
- Multiple environments (profiles)
- Cloud sync for teams
- Secret expiration tracking
- Process injection (secrets never touch disk)

### Can I use this with my existing .env files?

Yes! Use `envy import` to import your existing `.env` file:
```bash
envy import .env
```

### What happens if I lose my master key?

Without the master key (stored in `.envy/master.key`), your secrets cannot be decrypted. **Always back up this file securely** or use cloud sync to share secrets with your team.

### Is it safe to commit `.envy/secrets.json`?

Yes! The `secrets.json` file contains only encrypted data. Without the master key, it cannot be decrypted.

### How do I share secrets with my team?

Use Envy Cloud:
```bash
envy cloud login
envy cloud push
# Team members can then clone the project
```

### Can I use this in production?

Yes! Use `envy run prod -- your-command` to inject secrets directly into your production process without writing them to disk.

### What encryption does Envy use?

Envy uses Fernet (symmetric encryption) which is built on AES-256 in CBC mode with HMAC for authentication.

## 🤝 Contributing

We welcome contributions! Here's how you can help:

### Setting Up Development Environment

```bash
# Clone the repository
git clone https://github.com/KRISHNA-JAIN15/ENVY.git
cd ENVY

# Create virtual environment
python -m venv venv
source venv/bin/activate  # Linux/macOS
.\venv\Scripts\Activate    # Windows

# Install development dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Format code
black .
ruff check .
```

### Contribution Guidelines

1. **Fork the repository** and create a new branch
2. **Make your changes** with clear commit messages
3. **Add tests** for new features
4. **Ensure all tests pass** with `pytest`
5. **Format your code** with `black` and `ruff`
6. **Submit a pull request** with a clear description

### Report Issues

Found a bug or have a feature request? [Open an issue](https://github.com/KRISHNA-JAIN15/ENVY/issues) on GitHub.

## 📄 License

MIT License - see the [LICENSE](LICENSE) file for details.

---

<div align="center">

**Made with ❤️ by [Krishna Jain](https://github.com/KRISHNA-JAIN15)**

⭐ Star us on [GitHub](https://github.com/KRISHNA-JAIN15/ENVY) • 🐦 Follow updates

[Report Bug](https://github.com/KRISHNA-JAIN15/ENVY/issues) • [Request Feature](https://github.com/KRISHNA-JAIN15/ENVY/issues) • [Documentation](https://github.com/KRISHNA-JAIN15/ENVY#readme)

</div>
