{"id":36545311,"url":"https://github.com/macalbert/envilder","last_synced_at":"2026-04-01T23:56:35.635Z","repository":{"id":257805617,"uuid":"859829892","full_name":"macalbert/envilder","owner":"macalbert","description":"🚀 Envilder is a CLI that securely centralizes your environment variables from AWS SSM as a single source of truth","archived":false,"fork":false,"pushed_at":"2026-01-02T20:49:57.000Z","size":12638,"stargazers_count":130,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-01-07T19:42:18.416Z","etag":null,"topics":["automation","aws","aws-cli","aws-ssm-parameters","ci-cd","config","dev-experience","dev-tools","devops","dotenv","env","envfile","environment-variables","parameter-store","pipelines-library","secrets","secrets-management","secure","ssm"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/envilder","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/macalbert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-09-19T10:58:20.000Z","updated_at":"2026-01-02T20:50:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"3a69e425-4571-4cd1-a6ed-0e220ca3298b","html_url":"https://github.com/macalbert/envilder","commit_stats":null,"previous_names":["macalbert/envilder"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/macalbert/envilder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macalbert%2Fenvilder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macalbert%2Fenvilder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macalbert%2Fenvilder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macalbert%2Fenvilder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/macalbert","download_url":"https://codeload.github.com/macalbert/envilder/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macalbert%2Fenvilder/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28336048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"online","status_checked_at":"2026-01-12T02:00:08.677Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","aws","aws-cli","aws-ssm-parameters","ci-cd","config","dev-experience","dev-tools","devops","dotenv","env","envfile","environment-variables","parameter-store","pipelines-library","secrets","secrets-management","secure","ssm"],"created_at":"2026-01-12T06:00:08.023Z","updated_at":"2026-04-01T23:56:35.624Z","avatar_url":"https://github.com/macalbert.png","language":"TypeScript","readme":"# 🗝️ Envilder ☁️\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/8a7188ef-9d8d-45fb-8c37-3af718fb5103\" alt=\"Envilder\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eAutomate .env and secret management with Envilder\u003c/b\u003e\u003cbr\u003e\n  \u003cspan\u003eStreamline your environment setup with AWS SSM Parameter Store or Azure Key Vault\u003c/span\u003e\n\u003c/p\u003e\n\n![CodeRabbit Pull Request Reviews](https://img.shields.io/coderabbit/prs/github/macalbert/envilder?utm_source=oss\u0026utm_medium=github\u0026utm_campaign=macalbert%2Fenvilder\u0026labelColor=171717\u0026color=FF570A\u0026link=https%3A%2F%2Fcoderabbit.ai\u0026label=CodeRabbit+Reviews)\n\n[![npm version](https://img.shields.io/npm/v/envilder.svg)](https://www.npmjs.com/package/envilder)\n[![npm downloads](https://img.shields.io/npm/dm/envilder.svg)](https://npmcharts.com/compare/envilder)\n[![CI Tests](https://github.com/macalbert/envilder/actions/workflows/tests.yml/badge.svg)](https://github.com/macalbert/envilder/actions/workflows/tests.yml)\n[![Coverage Report](https://img.shields.io/badge/coverage-report-green.svg)](https://macalbert.github.io/envilder/)\n[![Known Vulnerabilities](https://snyk.io/test/github/macalbert/envilder/badge.svg)](https://snyk.io/test/github/macalbert/envilder)\n[![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](./LICENSE)\n\n## Why centralize environment variables?\n\nEnvilder is a CLI tool for .env automation, cloud secrets management, and secure environment variable sync.\nGenerating and maintaining consistent .env files is a real pain point for any development team. From outdated\nsecrets to insecure practices, the risks are tangible. Envilder eliminates these pitfalls by centralizing and\nautomating secret management across real-world environments (dev, test, production) in a simple, secure, and\nefficient way. Use Envilder to automate .env files, sync secrets with AWS SSM Parameter Store or Azure Key Vault,\nand streamline onboarding and CI/CD workflows.\n\n---\n\n## ❗ What Envilder solves\n\n- Desync between environments (dev, prod)\n- Secrets not properly propagated across team members\n- CI/CD pipeline failures due to outdated or missing .env files\n- Slow and manual onboarding processes\n- Security risks from sharing secrets via Slack, email, or other channels\n- Insecure .env practices and manual secret sharing\n\n## ✅ How Envilder makes life easier\n\n- 🛡️ Centralizes secrets in AWS SSM Parameter Store or Azure Key Vault\n- ☁️ Multi-provider support — choose `aws` or `azure` with the `--provider` flag\n- ⚙️ Generates .env files automatically for every environment\n- 🔄 Applies changes idempotently and instantly\n- 🔐 Improves security: no need to share secrets manually; everything is managed via your cloud provider\n- 👥 Simplifies onboarding and internal rotations\n- 🚀 Enables cloud-native, infrastructure-as-code secret management\n- 🤖 Perfect for DevOps, CI/CD, and team sync\n\n---\n\n## 📚 Table of Contents\n\n- [🗝️ Envilder ☁️](#️-envilder-️)\n  - [Why centralize environment variables?](#why-centralize-environment-variables)\n  - [❗ What Envilder solves](#-what-envilder-solves)\n  - [✅ How Envilder makes life easier](#-how-envilder-makes-life-easier)\n  - [📚 Table of Contents](#-table-of-contents)\n  - [⚙️ Features](#️-features)\n    - [🧱 Feature Status](#-feature-status)\n  - [💾 Installation](#-installation)\n    - [🤖 GitHub Action](#-github-action)\n  - [🚀 Quick Start](#-quick-start)\n    - [🎥 Video Demonstration](#-video-demonstration)\n    - [🏁 Get Started (3 steps)](#-get-started-3-steps)\n      - [AWS SSM (default)](#aws-ssm-default)\n      - [Azure Key Vault](#azure-key-vault)\n    - [📚 Quick Links](#-quick-links)\n  - [🗺️ Mapping File Format](#️-mapping-file-format)\n    - [Basic Format (AWS SSM — default)](#basic-format-aws-ssm--default)\n    - [With `$config` (explicit provider)](#with-config-explicit-provider)\n    - [`$config` Options](#config-options)\n    - [Configuration Priority](#configuration-priority)\n  - [🛠️ How it works](#️-how-it-works)\n  - [Frequently Asked Questions (FAQ)](#frequently-asked-questions-faq)\n  - [🔍 Envilder vs. Alternatives](#-envilder-vs-alternatives)\n    - [Secrets sync tools (direct alternatives)](#secrets-sync-tools-direct-alternatives)\n    - [Runtime \\\u0026 credential tools (not direct alternatives)](#runtime--credential-tools-not-direct-alternatives)\n    - [When to use what](#when-to-use-what)\n    - [Why choose Envilder?](#why-choose-envilder)\n    - [Where Envilder fits best](#where-envilder-fits-best)\n  - [🏁 Roadmap](#-roadmap)\n  - [🤝 Contributing](#-contributing)\n  - [💜 Sponsors](#-sponsors)\n  - [📜 License](#-license)\n\n---\n\n## ⚙️ Features\n\n- 🔒 **Strict access control** — IAM policies (AWS) or RBAC (Azure) define access to secrets across stages\n(dev, staging, prod)\n- 📊 **Auditable** — All reads/writes are logged in AWS CloudTrail or Azure Monitor\n- 🧩 **Single source of truth** — No more Notion, emails or copy/paste of envs\n- 🔁 **Idempotent sync** — Only what's in your map gets updated. Nothing else is touched\n- 🧱 **Zero infrastructure** — Fully based on native cloud services. No Lambdas, no servers, no fuss\n\n### 🧱 Feature Status\n\n- 🤖 **GitHub Action** — [Integrate directly in CI/CD workflows](./github-action/README.md)\n- 📤 **Push \u0026 Pull** — Bidirectional sync between local `.env` and your cloud provider\n- ☁️ **Multi-provider** — AWS SSM Parameter Store and Azure Key Vault\n- 🎯 **AWS Profile support** — Use `--profile` flag for multi-account setups\n\n---\n\n## 💾 Installation\n\n🛠 Requirements:\n\n- Node.js **v20+** (cloud-native compatible)\n- **AWS provider**: AWS CLI installed and configured; IAM user/role with `ssm:GetParameter`, `ssm:PutParameter`\n- **Azure provider**: Azure CLI installed; vault URL configured via\n`$config.vaultUrl` in your map file or `--vault-url` flag\n\n```bash\npnpm add -g envilder\n```\n\nOr use your preferred package manager:\n\n```bash\nnpm install -g envilder\n```\n\n\u003e 💡 **Want to try without installing?** Run `npx envilder --help` to explore the CLI instantly.\n\u003e\n\u003e 💡 **New to AWS SSM?** AWS Systems Manager Parameter Store provides secure storage for configuration data and secrets:\n\u003e\n\u003e - [AWS SSM Parameter Store Overview](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)\n\u003e - [Setting up AWS CLI credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)\n\u003e - [IAM permissions for SSM](https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html)\n\u003e\n\u003e 💡 **New to Azure Key Vault?** Azure Key Vault safeguards cryptographic keys and secrets used by cloud apps:\n\u003e\n\u003e - [Azure Key Vault Overview](https://learn.microsoft.com/en-us/azure/key-vault/general/overview)\n\u003e - [Setting up Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli)\n\u003e - [Key Vault access policies](https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy)\n\n### 🤖 GitHub Action\n\nUse Envilder directly in your CI/CD workflows with our official GitHub Action:\n\n**AWS SSM (default):**\n\n```yaml\n- name: Configure AWS Credentials\n  uses: aws-actions/configure-aws-credentials@v5\n  with:\n    role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}\n    aws-region: us-east-1\n\n- name: Pull secrets from AWS SSM\n  uses: macalbert/envilder/github-action@v0.8.0\n  with:\n    map-file: param-map.json\n    env-file: .env\n```\n\n**Azure Key Vault:**\n\n```yaml\n- name: Azure Login\n  uses: azure/login@v2\n  with:\n    client-id: ${{ secrets.AZURE_CLIENT_ID }}\n    tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n\n- name: Pull secrets from Azure Key Vault\n  uses: macalbert/envilder/github-action@v0.8.0\n  with:\n    map-file: param-map.json\n    env-file: .env\n    provider: azure\n    vault-url: ${{ secrets.AZURE_KEY_VAULT_URL }}\n```\n\n📖 **[View full GitHub Action documentation](./github-action/README.md)**\n\n---\n\n## 🚀 Quick Start\n\n### 🎥 Video Demonstration\n\nWatch how easy it is to automate your .env management in less than 1 minute:  \n\n![Watch the video](https://github.com/user-attachments/assets/9f194143-117d-49f3-a6fb-f400040ea514)\n\n### 🏁 Get Started (3 steps)\n\nAfter configuring your cloud provider credentials, you can begin managing your secrets.\n\n#### AWS SSM (default)\n\n1. **Create a mapping file:**\n\n   ```json\n   {\n     \"DB_PASSWORD\": \"/my-app/db/password\"\n   }\n   ```\n\n2. **Push a secret to AWS SSM:**\n\n   ```bash\n   envilder --push --key=DB_PASSWORD --value=12345 --secret-path=/my-app/db/password\n   ```\n\n3. **Generate your .env file from AWS SSM:**\n\n   ```bash\n   envilder --map=param-map.json --envfile=.env\n   ```\n\n#### Azure Key Vault\n\n1. **Add `$config` to your mapping file:**\n\n   ```json\n   {\n     \"$config\": {\n       \"provider\": \"azure\",\n       \"vaultUrl\": \"https://my-vault.vault.azure.net\"\n     },\n     \"DB_PASSWORD\": \"my-app-db-password\"\n   }\n   ```\n\n2. **Pull secrets from Azure Key Vault:**\n\n   ```bash\n   envilder --map=param-map.json --envfile=.env\n   ```\n\n   Or use CLI flags to override:\n\n   ```bash\n   envilder --provider=azure --vault-url=https://my-vault.vault.azure.net --map=param-map.json --envfile=.env\n   ```\n\nYour secrets are now managed and versioned from your cloud provider. Add `.env` to your `.gitignore` for security.\nEnvilder is designed for automation, onboarding, and secure cloud-native workflows.\n\n### 📚 Quick Links\n\n- [📖 Full Documentation](https://envilder.com) — Visit envilder.com for the complete guide\n- [Requirements \u0026 Installation](docs/requirements-installation.md)\n- [Push Command Guide](docs/push-command.md)\n- [Pull Command Guide](docs/pull-command.md)\n\n---\n\n## 🗺️ Mapping File Format\n\nThe mapping file (`param-map.json`) is the core of Envilder. It maps environment variable names to secret paths\nin your cloud provider. You can optionally include a `$config` section to declare which provider and settings to use.\n\n### Basic Format (AWS SSM — default)\n\nWhen no `$config` is present, Envilder defaults to AWS SSM Parameter Store:\n\n```json\n{\n  \"API_KEY\": \"/myapp/prod/api-key\",\n  \"DB_PASSWORD\": \"/myapp/prod/db-password\",\n  \"SECRET_TOKEN\": \"/myapp/prod/secret-token\"\n}\n```\n\nValues are SSM parameter paths (e.g., `/myapp/prod/api-key`).\n\n### With `$config` (explicit provider)\n\nAdd a `$config` key to declare the provider and its settings. Envilder reads `$config` for configuration\nand uses all other keys as secret mappings:\n\n**AWS SSM with profile:**\n\n```json\n{\n  \"$config\": {\n    \"provider\": \"aws\",\n    \"profile\": \"prod-account\"\n  },\n  \"API_KEY\": \"/myapp/prod/api-key\",\n  \"DB_PASSWORD\": \"/myapp/prod/db-password\"\n}\n```\n\n**Azure Key Vault:**\n\n```json\n{\n  \"$config\": {\n    \"provider\": \"azure\",\n    \"vaultUrl\": \"https://my-vault.vault.azure.net\"\n  },\n  \"API_KEY\": \"myapp-prod-api-key\",\n  \"DB_PASSWORD\": \"myapp-prod-db-password\"\n}\n```\n\n\u003e **Azure naming:** Key Vault secret names only allow alphanumeric characters and hyphens.\n\u003e Envilder automatically normalizes names — slashes and underscores become hyphens\n\u003e (e.g., `/myapp/db/password` → `myapp-db-password`).\n\n### `$config` Options\n\n| Key | Type | Default | Description |\n| --- | --- | --- | --- |\n| `provider` | `\"aws\"` \\| `\"azure\"` | `\"aws\"` | Cloud provider to use |\n| `vaultUrl` | `string` | — | Azure Key Vault URL (required when `provider` is `\"azure\"`) |\n| `profile` | `string` | — | AWS CLI profile for multi-account setups (AWS only) |\n\n### Configuration Priority\n\nCLI flags and GitHub Action inputs always override `$config` values:\n\n```txt\nCLI flags / GHA inputs  \u003e  $config in map file  \u003e  defaults (AWS)\n```\n\nThis means you can set a default provider in `$config` and override it per invocation:\n\n```bash\n# Uses $config from the map file\nenvilder --map=param-map.json --envfile=.env\n\n# Overrides provider and vault URL from the map file\nenvilder --provider=azure --vault-url=https://other-vault.vault.azure.net --map=param-map.json --envfile=.env\n```\n\n---\n\n## 🛠️ How it works\n\n```mermaid\ngraph LR\n    A[\"Mapping File (param-map.json)\"] --\u003e B[Envilder]:::core\n    C[\"Environment File (.env or --key)\"] --\u003e B\n    D[\"Cloud Credentials (AWS or Azure)\"]:::cloud --\u003e B\n    E[\"AWS SSM / Azure Key Vault\"]:::cloud --\u003e B\n    B --\u003e F[\"Pull/Push Secrets\"]\n\n    classDef cloud fill:#ffcc66,color:#000000,stroke:#333,stroke-width:1.5px;\n    classDef core fill:#1f3b57,color:#fff,stroke:#ccc,stroke-width:2px;\n```\n\n1. Define mappings in a JSON file: `{\"DB_PASSWORD\": \"/myapp/db/password\"}`\n2. **Pull** secrets into a `.env` file: `envilder --map=param-map.json --envfile=.env`\n3. **Push** local values back: `envilder --push --map=param-map.json --envfile=.env`\n4. Envilder syncs secrets securely with AWS SSM or Azure Key Vault using your cloud credentials\n5. Use `--provider=azure` to switch from the default AWS provider\n6. Result: your secrets are always up-to-date, secure, and ready for any environment\n\n---\n\n## Frequently Asked Questions (FAQ)\n\n**Q: What is Envilder?**  \nA: Envilder is a CLI tool for automating .env and secret management using AWS SSM Parameter Store or Azure Key Vault.\n\n**Q: Which cloud providers are supported?**  \nA: AWS SSM Parameter Store (default) and Azure Key Vault. Use `--provider=azure` to switch providers.\n\n**Q: How does Envilder improve security?**  \nA: Secrets are never stored in code or shared via chat/email. All secrets are managed and synced securely via your\ncloud provider.\n\n**Q: Can I use Envilder in CI/CD pipelines?**  \nA: Yes! Use the official [Envilder GitHub Action](./github-action/README.md) to pull secrets directly\nin your workflows — no extra setup needed.\n\n**Q: Does Envilder support multiple AWS profiles?**  \nA: Yes, you can use the `--profile` flag to select different AWS credentials.\n\n**Q: How do I configure Azure Key Vault?**  \nA: Add a `$config` section to your map file with `\"provider\": \"azure\"` and `\"vaultUrl\": \"https://my-vault.vault.azure.net\"`,\nor use `--provider=azure --vault-url=https://my-vault.vault.azure.net` CLI flags. Authentication uses Azure\nDefault Credentials (Azure CLI, managed identity, etc.).\n\n**Q: What environments does Envilder support?**  \nA: Any environment supported by your cloud provider—dev, test, staging, production, etc.\n\n**Q: Is Envilder open source?**  \nA: Yes, licensed under MIT.\n\n---\n\n## 🔍 Envilder vs. Alternatives\n\nEnvilder is not a secrets manager. It is a **deterministic projection layer** from cloud secret\nstores into `.env` files. It does not store secrets, does not require a backend, and integrates\ncleanly into CI/CD pipelines.\n\nTo make a fair comparison, it's important to separate tools by what they actually do:\n\n### Secrets sync tools (direct alternatives)\n\nThese tools manage secrets as data and project them into `.env` or runtime:\n\n| Feature | Envilder | dotenv-vault | infisical |\n|---------|----------|-------------|----------|\n| **Source of truth** | External (SSM / Key Vault) | dotenv vault (SaaS) | Infisical backend |\n| **Sync direction** | Bidirectional | Pull only | Bidirectional |\n| **Declarative mapping** | ✅ JSON mapping | ❌ | ❌ |\n| **Multi-provider (AWS + Azure)** | ✅ | ❌ | ⚠️ (primarily its own backend) |\n| **Local `.env` generation** | ✅ | ✅ | ✅ |\n| **CI/CD integration** | ✅ Native GitHub Action | Manual | ✅ Native |\n| **Requires SaaS** | ❌ | ✅ | Optional |\n| **Self-hosted** | N/A (no server needed) | ❌ | ✅ |\n| **Complexity** | Low | Low | Medium |\n| **Vendor lock-in** | Low | High | Medium |\n| **Open source** | ✅ MIT | Partial | ✅ |\n\n### Runtime \u0026 credential tools (not direct alternatives)\n\nThese tools serve different purposes and are better seen as **complements**, not competitors:\n\n| Tool | Purpose | Manages app secrets? | Works with `.env`? |\n|------|---------|---------------------|-------------------|\n| **chamber** | Injects SSM params at runtime (`exec` with env) | ❌ | ❌ |\n| **aws-vault** | Safely assumes AWS IAM roles / STS credentials | ❌ | ❌ |\n\n### When to use what\n\n- **Need a full vault with its own backend?** → [Infisical](https://infisical.com)\n- **Need SaaS simplicity for `.env` sync?** → [dotenv-vault](https://www.dotenv.org/vault)\n- **Need a projection layer from existing cloud stores?** → **Envilder**\n\n### Why choose Envilder?\n\nIf you already use AWS SSM or Azure Key Vault and want a lightweight, zero-infrastructure CLI\nthat generates `.env` files from a declarative JSON mapping — without a SaaS dependency or extra\nservers — Envilder is the simplest path.\n\nEnvilder also brings unique strengths in **determinism** and **testability**:\n\n- **Versioned mappings** — your `param-map.json` lives in source control, making secret\n  projections reproducible across environments\n- **Mockable architecture** — hexagonal design with port interfaces makes offline testing\n  and CI validation straightforward\n- **Audit trail** — all reads/writes are logged by your cloud provider\n  (AWS CloudTrail / Azure Monitor), not by a third-party SaaS\n\n### Where Envilder fits best\n\nEnvilder generates `.env` files on disk. This is ideal for:\n\n- **Local development** — onboard new team members with a single command\n- **CI/CD pipelines** — inject secrets at build time without hardcoding them\n- **SSG/SSR builds** — frameworks like Next.js, Nuxt, or Astro that read env vars at build time\n\nFor **production runtime**, container orchestrators (ECS, Kubernetes) and platform services\n(Vercel, Fly.io) can inject secrets directly as environment variables — no `.env` file needed.\nIn those cases, prefer native secret injection over writing secrets to disk.\n\n\u003e **Coming soon:** An `--exec` mode is planned to inject secrets directly into a child process\n\u003e without writing to disk (e.g., `envilder exec -- node server.js`). See the [Roadmap](./ROADMAP.md).\n\n---\n\n## 🏁 Roadmap\n\nWe're continuously improving Envilder based on community feedback. Upcoming features include:\n\n- ✅ **Azure Key Vault support** — now available alongside AWS SSM\n- � **Exec mode** — inject secrets into a child process without writing to disk\n- 🔍 **Check/sync mode** for drift detection\n- 🌐 **Documentation website** — dedicated docs site with guides and examples\n- 🧠 **Auto-discovery** for bulk parameter fetching\n- 🔌 **More backends** (HashiCorp Vault, GCP Secret Manager, etc.)\n\n👉 **[View full roadmap with priorities](./ROADMAP.md)**\n\n---\n\n## 🤝 Contributing\n\nAll help is welcome — PRs, issues, ideas!\n\n- 🔧 Use our [Pull Request Template](.github/pull_request_template.md)\n- 🧪 Add tests where possible\n- 💬 Feedback and discussion welcome\n- 🏗️ Check our [Architecture Documentation](./docs/architecture/README.md)\n- 🔒 Review our [Security Policy](./docs/SECURITY.md)\n\n---\n\n## 💜 Sponsors\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://localstack.cloud\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"./src/website/public/localstack-logo-horizontal-Light.svg\"\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"./src/website/public/localstack-logo-horizontal-Dark.svg\"\u003e\n      \u003cimg src=\"./src/website/public/localstack-logo-horizontal-Dark.svg\" alt=\"LocalStack\" height=\"40\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  Proudly supported by \u003ca href=\"https://localstack.cloud\"\u003eLocalStack\u003c/a\u003e — powering Envilder's integration tests.\n\u003c/p\u003e\n\n---\n\n## 📜 License\n\nMIT © [Marçal Albert](https://github.com/macalbert)  \nSee [LICENSE](./LICENSE) | [CHANGELOG](./docs/CHANGELOG.md) | [Security Policy](./docs/SECURITY.md)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacalbert%2Fenvilder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmacalbert%2Fenvilder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacalbert%2Fenvilder/lists"}