{"id":31213721,"url":"https://github.com/atty303/mise-dotenv-sops","last_synced_at":"2025-09-21T08:16:27.568Z","repository":{"id":314361271,"uuid":"1055218258","full_name":"atty303/mise-dotenv-sops","owner":"atty303","description":"Load .env values from YAML/JSON/dotenv with optional SOPS decryption, variable expansion and command substitution — directly from Mise","archived":false,"fork":false,"pushed_at":"2025-09-15T12:50:22.000Z","size":152,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-19T18:59:59.191Z","etag":null,"topics":["dotenv","dotenvx","mise","mise-plugin","sops"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atty303.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-12T00:25:01.000Z","updated_at":"2025-09-14T07:19:44.000Z","dependencies_parsed_at":"2025-09-12T03:11:09.196Z","dependency_job_id":null,"html_url":"https://github.com/atty303/mise-dotenv-sops","commit_stats":null,"previous_names":["atty303/mise-dotenv-sops"],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/atty303/mise-dotenv-sops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atty303%2Fmise-dotenv-sops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atty303%2Fmise-dotenv-sops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atty303%2Fmise-dotenv-sops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atty303%2Fmise-dotenv-sops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atty303","download_url":"https://codeload.github.com/atty303/mise-dotenv-sops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atty303%2Fmise-dotenv-sops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276210448,"owners_count":25603724,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-21T02:00:07.055Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dotenv","dotenvx","mise","mise-plugin","sops"],"created_at":"2025-09-21T08:16:25.488Z","updated_at":"2025-09-21T08:16:27.556Z","avatar_url":"https://github.com/atty303.png","language":"Lua","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mise-dotenv-sops\n\n[![Build](https://github.com/atty303/mise-dotenv-sops/actions/workflows/build.yaml/badge.svg?event=push)](https://github.com/atty303/mise-dotenv-sops/actions/workflows/build.yaml)\n[![MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://github.com/atty303/mise-dotenv-sops/blob/main/LICENSE)\n\nLoad `.env` values from YAML/JSON/dotenv with\noptional [SOPS](https://getsops.io/)\ndecryption, variable expansion (`$VAR`) and command substitution (`$(cmd)`) —\ndirectly from [Mise](https://mise.jdx.dev/).\n\n- Cleanly loads environment variables from `.env`, `.env.yaml`, and `.env.json`\n  files in your\n  project.\n- Decrypts SOPS-encrypted files when needed.\n- Supports `$VAR` expansion and `$(command)` substitution.\n- Respects ordered `MISE_ENV` like `stg,prod` with last-one-wins merging.\n\n## Quickstart\n\n```bash\n# install the plugin (once per machine)\n❯ mise plugin install dotenv-sops https://github.com/atty303/mise-dotenv-sops.git\n\n# in your project\n❯ mise set \"_.dotenv-sops=\"\n❯ echo '{\"URL\":\"http://localhost:3000\"}' \u003e .env.json\n\n# show effective environment\n❯ mise env --dotenv\nURL=http://localhost:3000\n```\n\nA full example is available in [example/complete](./example/complete).\n\n## Features\n\n- Load dotenv, YAML, and JSON `.env` files\n- `MISE_ENV` supports comma-separated ordered environments (e.g. `stg,prod`)\n- Variable expansion: `$VAR`\n- Command substitution: `$(command)`\n- Flatten nested keys using a configurable separator\n- SOPS-aware: auto-decrypt if sops metadata is present\n\n## Requirements\n\n- [`mise`](https://mise.jdx.dev/)\n- `mise use sops` (only when decrypting encrypted files)\n- `mise use yq` (reading plain YAML when `yq = true`)\n\n## Usage\n\nMinimal `mise.toml` (see example/complete for a full version):\n\n```toml\n[env._.dotenv-sops]\n# log level: \"debug\" | \"info\" | \"warn\" | \"error\" | \"off\" (default: \"off\")\nlog = \"off\"\n# allow $(...) command substitution (default: false)\ncommand = false\n# allow $VAR expansion (default: true)\nenv = true\n# separator for flattening nested keys (default: \"_\")\nsep = \"_\"\n# stop on failure; when false, continue and log errors (default: true)\nstrict = true\n# use slower but complete yq parser instead of lua-tinyyaml (default: false)\nyq = false\n```\n\n### SOPS decryption\n\nWhen decrypting a file with the corresponding identity, SOPS will look for a\ntext file name `keys.txt` located in a `sops` subdirectory of your user\nconfiguration directory:\n\n- On Linux, this would be `$XDG_CONFIG_HOME/sops/age/keys.txt`.\n- On macOS, this would be `$HOME/Library/Application Support/sops/age/keys.txt`.\n- On Windows, this would be `%AppData%\\sops\\age\\keys.txt`.\n\nYou can specify the location of this file manually by setting the environment\nvariable `SOPS_AGE_KEY_FILE` or `MISE_SOPS_AGE_KEY_FILE`.\nAlternatively, you can provide the key(s) directly by setting the `SOPS_AGE_KEY`\nor `MISE_SOPS_AGE_KEY` environment variable.\n\n`MISE_SOPS_AGE_KEY` and `MISE_SOPS_AGE_KEY_FILE` are prioritized over\n`SOPS_AGE_KEY` and `SOPS_AGE_KEY_FILE`.\nAnd it can share\nwith [Mise's secrets feature](https://mise.jdx.dev/environments/secrets.html).\n\n### SOPS encryption\n\nNothing special. Just use `sops` CLI.\nSee [SOPS documentation](https://getsops.io/docs/).\n\n### File loading order\n\nFiles are loaded from the current directory only. When `MISE_ENV=ENV1,ENV2`,\nexisting files are read in this order and merged; later entries win.\n\n- `.env`, `.env.json`, `.env.yaml`\n- `.env.local`, `.env.local.json`, `.env.local.yaml`\n- `.env.\u003cENV1\u003e`, `.env.\u003cENV1\u003e.json`, `.env.\u003cENV1\u003e.yaml`\n- `.env.\u003cENV1\u003e.local`, `.env.\u003cENV1\u003e.local.json`, `.env.\u003cENV1\u003e.local.yaml`\n- `.env.\u003cENV2\u003e`, `.env.\u003cENV2\u003e.json`, `.env.\u003cENV2\u003e.yaml`\n- `.env.\u003cENV2\u003e.local`, `.env.\u003cENV2\u003e.local.json`, `.env.\u003cENV2\u003e.local.yaml`\n\n## Tips \u0026 FAQ\n\n- Nothing loaded?\n  - Turn on debug logs to see what’s happening: set `log = \"debug\"` in your\n    `mise.toml`, then run `mise env` to view file discovery, decryption, and\n    resolving steps.\n- Can I reference outer environment variables in expansions?\n  - Yes. Later values in the same file can reference earlier ones, too.\n- Is command substitution risky?\n  - It is disabled by default. Enable only in trusted projects.\n- `mise env --env NAME` doesn’t load variables from `.env.NAME.yaml`\n  - The `--env` global option only affects `mise.toml` loading; it doesn’t\n    affect plugins. Use `MISE_ENV=NAME mise env`.\n- My YAML file is not parsed correctly\n  - Use `yq = true` to use `yq` instead of `lua-tinyyaml`.\n\n## Security notes\n\n- Keep `command = false` unless you fully trust the repository.\n- Review `.env.*` files for unintended secrets before committing.\n\n## Development\n\nLocal link plugin for development:\n\n```bash\nmise plugin link dotenv-sops . --force\n```\n\nRun tests:\n\n```bash\nmise run test\n```\n\nHow tests work:\n\n- Compare `mise env -J` output with each case’s `expected.yaml`.\n- SOPS keys are set temporarily according to `expected.yaml` using\n  `MISE_SOPS_AGE_KEY` / `MISE_SOPS_AGE_KEY_FILE`.\n\n## Roadmap\n\n- [ ] Import another dotenv file from dotenv files\n- [ ] Use cache for speed optimization\n- [ ] Support TOML and INI formats\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatty303%2Fmise-dotenv-sops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatty303%2Fmise-dotenv-sops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatty303%2Fmise-dotenv-sops/lists"}