Metadata-Version: 2.4
Name: safe-env
Version: 0.1.1
Summary: Safe Environment Manager allows to manage secrets in environment variables in a safe way.
Author: Antons Mislevics
License-File: LICENSE
Requires-Python: >=3.10
Requires-Dist: artifacts-keyring>=0.4.0
Requires-Dist: azure-identity>=1.19.0
Requires-Dist: azure-keyvault-secrets>=4.9.0
Requires-Dist: jmespath>=1.0.1
Requires-Dist: keyring>=25.5.0
Requires-Dist: omegaconf>=2.3.0
Requires-Dist: pydantic>=2.10.2
Requires-Dist: pyyaml>=6.0.2
Requires-Dist: tabulate>=0.9.0
Requires-Dist: typer>=0.14.0
Description-Content-Type: text/markdown

# Safe Environment Manager (safe-env)
*Safe Environment Manager* allows to manage secrets in environment variables in a safe way.
To achieve this, safe-env follows a set of principles:
1. Configurations for different environments are stored in a set of yaml files, that have no secrets and can be safely pushed to git repository.
0. Secrets are never written to local files, even temporarily (Note: also it is possible to save the output in the file, this is not recommended, and should be considered only as an exception for short term temporary use).
0. Secrets are stored in one of the following safe locations:
    - the resource itself (for example, access key in Azure Storage Account configuration);
    - external vault (for example, Azure KeyVault);
    - local keyring;
    - environment variables (in memory).
0. Access to required resources and vaults is controlled via standard user authentication mechanisms (for example, `az login` or interactive browser login for Azure).

# Getting started
## How to install?
The package is still in active development and can be installed directly from git repository:
```bash
python -m pip install git+https://github.com/antonsmislevics/safe-env.git
```

If using uv, it can be installed globally as a tool or as a dev dependency in specific project:
```bash
# install as a tool
uv tool install git+https://github.com/antonsmislevics/safe-env.git

# add as dev dependency
uv add --dev git+https://github.com/antonsmislevics/safe-env.git
```

The package does not require to be installed in the same environment that is used for development.

## How to use?
### Defining environment configuration files
To start using `safe-env` you first need to create environment configuration files. By default the tool looks for these files in *./envs* folder. However, custom path can be provided via `--config-dir` option.

Configuration files are based on OmegaConf (https://omegaconf.readthedocs.io, https://github.com/omry/omegaconf), and have only two special sections.
```yaml
depends_on:     # the list of "parent" environment configurations (optional)
envs:           # dictionary with resulting environment variables
```

Configuration files can be parametrized using standard OmegaConf variable interpolation and resolvers.

