{"id":13644664,"url":"https://github.com/m-mizutani/zenv","last_synced_at":"2025-04-05T09:09:16.107Z","repository":{"id":39914859,"uuid":"392477896","full_name":"m-mizutani/zenv","owner":"m-mizutani","description":"Enhanced env command to set environment variable by various method","archived":false,"fork":false,"pushed_at":"2025-03-19T08:11:53.000Z","size":80,"stargazers_count":144,"open_issues_count":1,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-29T08:09:17.550Z","etag":null,"topics":["environment-variables","shell"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m-mizutani.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-03T22:52:33.000Z","updated_at":"2025-03-19T08:11:12.000Z","dependencies_parsed_at":"2023-11-23T08:14:17.296Z","dependency_job_id":"ca84eeee-bd0f-4251-bc9b-1737a84d9ef9","html_url":"https://github.com/m-mizutani/zenv","commit_stats":{"total_commits":34,"total_committers":2,"mean_commits":17.0,"dds":0.5,"last_synced_commit":"56f5ed3548e7ffa56e60d45d1ba208840c686992"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-mizutani%2Fzenv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-mizutani%2Fzenv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-mizutani%2Fzenv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-mizutani%2Fzenv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/m-mizutani","download_url":"https://codeload.github.com/m-mizutani/zenv/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247312082,"owners_count":20918344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["environment-variables","shell"],"created_at":"2024-08-02T01:02:10.435Z","updated_at":"2025-04-05T09:09:16.074Z","avatar_url":"https://github.com/m-mizutani.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# zenv [![CI](https://github.com/m-mizutani/zenv/actions/workflows/test.yml/badge.svg)](https://github.com/m-mizutani/zenv/actions/workflows/test.yml) [![Security Scan](https://github.com/m-mizutani/zenv/actions/workflows/gosec.yml/badge.svg)](https://github.com/m-mizutani/zenv/actions/workflows/gosec.yml) [![Vuln scan](https://github.com/m-mizutani/zenv/actions/workflows/trivy.yml/badge.svg)](https://github.com/m-mizutani/zenv/actions/workflows/trivy.yml) \u003c!-- omit in toc --\u003e\n\n`zenv` is enhanced `env` command to manage environment variables in CLI.\n\n- Load environment variable from `.env` file by\n    - Static values\n    - Reading file content\n    - Executing command\n- Securely save, generate and get secret values with Keychain, inspired by [envchain](https://github.com/sorah/envchain) (supported only macOS)\n- Replace command line argument with loaded environment variable\n\n## Install \u003c!-- omit in toc --\u003e\n\n```sh\ngo install github.com/m-mizutani/zenv@latest\n```\n\n## Basic Usage\n\n### Set by CLI argument\n\nCan set environment variable in same manner with `env` command\n\n```sh\n$ zenv POSTGRES_DB=your_local_dev_db psql\n```\n\n### Load from `.env` file\n\nAutomatically load `.env` file and\n\n```sh\n$ cat .env\nPOSTGRES_DB=your_local_db\nPOSTGRES_USER=test_user\nPGDATA=/var/lib/db\n$ zenv psql -h localhost -p 15432\n# connecting to your_local_db on localhost:15432 as test_user\n```\n\n### Save and load secret values\n\n```sh\n# save a secret value\n$ zenv secret write @aws-account AWS_SECRET_ACCESS_KEY\nValue: # no echo\n$ zenv secret write @aws-account AWS_ACCESS_KEY_ID\nValue: # no echo\n\n# load a secret value and execute command \"aws s3 ls\"\n$ zenv @aws-account aws s3 ls\n2020-06-19 03:53:13 my-bucket1\n2020-04-18 06:45:44 my-bucket2\n...\n```\n\n`secret write` command format is `zenv secret write \u003cNamespace\u003e \u003cKey\u003e` to save a secret value. In above case, `@aws-account` is *Namespace* and `AWS_SECRET_ACCESS_KEY` \u0026 `AWS_ACCESS_KEY_ID` are *Key (Environment variable name)*. *Namespace* **must** have `@` prefix.\n\n`zenv \u003cNamespace\u003e \u003cCommand\u003e` executes `\u003cCommand\u003e` with loaded secret value(s) from `\u003cNamespace\u003e` as environment variables. If multiple environment variables are saved in the `\u003cNamespace\u003e`, all variables are loaded.\n\n### Mixing CLI, `.env` and secret\n\nAll of CLI argument, loading `.env` and secret can be used in parallel. An example is following.\n\n```sh\n$ zenv secret write @aws-account AWS_SECRET_ACCESS_KEY\nValue: # no echo\n$ cat .env\nAWS_ACCESS_KEY_ID=abcdefghijklmn\n$ zenv @aws-account AWS_REGION=jp-northeast-1 aws s3 ls\n# access to S3 with AWS_SECRET_ACCESS_KEY, AWS_SECRET_ACCESS_KEY and AWS_REGION\n```\n\nAlso, `-e` option specifies a file used as `.env`.\n\n### List loaded variables\n\nYou can see loaded environment variable by zenv with `zenv list \u003c...\u003e` command.\n\n```sh\n$ zenv list @aws-account AWS_REGION=jp-northeast-1\nAWS_REGION=jp-northeast-1\nAWS_ACCESS_KEY_ID=abcdefghijklmn\nAWS_SECRET_ACCESS_KEY=******************************** (hidden)\n```\n\nYou can specify arguments to specify loading environment in same manner with executing command. Of curse secret values loaded from Keychain will be masked.\n\n## Advanced Usage\n\n### Overriding environment variable\n\n`zenv` can override environment variable by multiple `-e` option.\n\n```sh\n$ cat .env\nPOSTGRES_DB=your_local_db\nPOSTGRES_USER=test_user\n$ cat .env.local\nPOSTGRES_DB=your_local_dev_db\n$ zenv -e .env -e .env.local psql\n# Access to your_local_dev_db with test_user\n```\n\nThe priority for loading environment variables is as follows: first, the `-e` option, followed by additional `-e` options, and finally, the arguments of the `zenv` command.\n\n```sh\n$ cat .env1\nCOLOR=blue\n$ cat .env2\nCOLOR=orange\n$ zenv -e .env1 -e .env2 COLOR=red echo %COLOR\nred\n```\n\n### Generate random secure value\n\n`secret generate` subcommand can generate random value like token and save to KeyChain.\n\n```sh\n$ zenv secret generate @my-project MYSQL_PASS\n$ zenv secret generate @my-project -n 8 TMP_TOKEN # set length to 8\n$ zenv list @my-project\nMYSQL_PASS=******************************** (hidden)\nTMP_TOKEN=******** (hidden)\n```\n\n### List namespaces\n\n`secret list` subcommand shows list of namespaces.\n\n```sh\n$ zenv secret list\n@aws\n@local-db\n@staging-db\n```\n\n### Put namespace into .env file\n\nYou can also can put *Namespace* for secret values into `.env` file. Then, `zenv` always loads secret values without *Namespace* argument.\n\n```sh\n$ zenv secret write @aws AWS_SECRET_ACCESS_KEY\nValue # \u003c- input\n\n$ cat .env\n@aws\nAWS_REGION=jp-northeast-1\nAWS_ACCESS_KEY_ID=abcdefghijklmn\n\n$ zenv list\nAWS_REGION=jp-northeast-1\nAWS_ACCESS_KEY_ID=abcdefghijklmn\nAWS_SECRET_ACCESS_KEY=******************************** (hidden)\n```\n\n### Replace value in environment variable with another one\n\n`zenv` replaces words having `%` prefix with existing another environment variable.\n\n```sh\n$ cat .env\nMYTOOL_DB_PASSWD=abc123\nPGPASSWORD=%MYTOOL_DB_PASSWD\n$ zenv list\nMYTOOL_DB_PASSWD=abc123\nPGPASSWORD=abc123\n```\n\n### Replace value in arguments with loaded environment variable\n\n`zenv` replaces words having `%` prefix with loaded environment variable.\n\n```sh\n$ cat .env\nTOKEN=abc123\n$ zenv curl -v -H \"Authorization: bearer %TOKEN\" http://localhost:1234\n(snip)\n\u003e GET /api/v1/alert HTTP/1.1\n\u003e Host: localhost:8080\n\u003e User-Agent: curl/7.64.1\n\u003e Accept: */*\n\u003e Authorization: bearer abc123\n(snip)\n```\n\n### Loading file content to environment variable\n\nSometime, we need to load large content into environment variable. For example, Google OAuth2 credential file is slightly large to write in `.env` file and complicated. `zenv` can load file content into environment variable with `\u0026` prefix.\n\n```sh\n$ cat .env\nGOOGLE_OAUTH_DATA=\u0026tmp/client_secret_00000-abcdefg.apps.googleusercontent.com.json\n$ zenv list\nGOOGLE_OAUTH_DATA={\"web\":{\"client_id\":\"00000...(snip)...\"}}\n$ zenv ./some-oauth-server\n```\n\n### Execute command in `.env` file\n\n`zenv` recognizes environment value as command by surrounding with `` ` `` backquote (backtick). The feature is useful to set short live token that provided CLI command. `zenv` set standard output as value of environment variable.\n\n```sh\n$ cat .env\nGOOGLE_TOKEN=`gcloud auth print-identity-token`\n$ zenv list\nGOOGLE_TOKEN=eyJhbGciOiJS...(snip)\n$ zenv ./some-app-requires-token\n```\n\n### Backup and restore secrets\n\nFor example, when migrating PC, we need to transfer every data including secrets. So backup and restore features are required. `zenv` provides export and import command as following.\n\n```sh\n$ zenv secret write @aws AWS_SECRET_ACCESS_KEY\nValue: # \u003c- input secret\n$ zenv secret export -o backup.json\ninput passphrase: # \u003c- input passphrase\nexported secrets to backup.json\n$ cat backup.json\n{\n  \"CreatedAt\": \"2022-03-27T13:37:06.577827+09:00\",\n  \"Encrypted\": \"wr/s6Z5T4diP6Ihu1318tL2tRA2Ch2LImAB1QEJi0...(snip)...\"\n}\n```\n\n`secret export` command dumps encrypted all secrets to JSON file. You can filter dumped namespace by `-n` option.\n\nAfter that, move `backup.json` to new machine and import it.\n\n```sh\n$ zenv secret import backup.json\ninput passphrase: # \u003c- input passphrase\n$ zenv list @aws\nAWS_SECRET_ACCESS_KEY=******************************** (hidden)\n```\n\nPassphrase must be same when exporting and importing.\n\n## License\n\nApache License 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm-mizutani%2Fzenv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm-mizutani%2Fzenv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm-mizutani%2Fzenv/lists"}