{"id":22307278,"url":"https://github.com/veinar/envcloak","last_synced_at":"2025-09-11T21:50:30.490Z","repository":{"id":263689476,"uuid":"891180673","full_name":"Veinar/envcloak","owner":"Veinar","description":"A secure and easy-to-use tool for managing sensitive data with built-in encryption, decryption, and key management. Protect your secrets during development, testing, and deployment with CLI command + Python library support.","archived":false,"fork":false,"pushed_at":"2024-12-14T00:54:27.000Z","size":290,"stargazers_count":18,"open_issues_count":1,"forks_count":7,"subscribers_count":1,"default_branch":"develop","last_synced_at":"2025-06-22T03:45:49.393Z","etag":null,"topics":["cicd","cicd-pipeline","cli-tool","decryption","devops","encryption","encryption-decryption","env","environment-variables","python-library","secret-management","secret-sharing","secrets","security","sensitive-data-security","tool","tooling","tools","validation"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Veinar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-19T21:45:16.000Z","updated_at":"2024-12-31T10:43:53.000Z","dependencies_parsed_at":"2024-12-04T13:34:16.101Z","dependency_job_id":"bd877083-f1cc-40d0-bc69-4fef1276166b","html_url":"https://github.com/Veinar/envcloak","commit_stats":null,"previous_names":["veinar/envcloak"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/Veinar/envcloak","repository_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Veinar%2Fenvcloak","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Veinar%2Fenvcloak/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Veinar%2Fenvcloak/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Veinar%2Fenvcloak/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Veinar","download_url":"https://codeload.github.com/Veinar/envcloak/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Veinar%2Fenvcloak/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267049724,"owners_count":24027357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-25T02:00:09.625Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cicd","cicd-pipeline","cli-tool","decryption","devops","encryption","encryption-decryption","env","environment-variables","python-library","secret-management","secret-sharing","secrets","security","sensitive-data-security","tool","tooling","tools","validation"],"created_at":"2024-12-03T20:09:22.235Z","updated_at":"2025-07-29T05:32:14.430Z","avatar_url":"https://github.com/Veinar.png","language":"Python","readme":"\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://veinar.pl/envcloak.png\" alt=\"logo\" 
width=\"350\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\" style=\"background-color:#FF0000; color:white; padding:10px; border-radius:8px; font-size:14px; line-height:1.5;\"\u003e\n⚠️ \u003cstrong\u003eIMPORTANT NOTE: EnvCloak is NOT Limited to .env Files!\u003c/strong\u003e⚠️\u003cbr\u003e \nEnvCloak was originally built to secure \u003cb\u003e.env\u003c/b\u003e files, but it can encrypt and decrypt \u003cstrong\u003eany file type\u003c/strong\u003e.\u003cbr\u003e\nUse it for \u003ci\u003e.json\u003c/i\u003e, \u003ci\u003e.yaml\u003c/i\u003e, \u003ci\u003e.txt\u003c/i\u003e, \u003ci\u003ebinary files\u003c/i\u003e, or \u003ci\u003eany sensitive data.\u003c/i\u003e\u003cbr\u003e\n\u003cbr\u003e\n\u003cspan style=\"font-style:italic;\"\u003eThe name may be misleading, but the tool is far more versatile than it suggests!\u003c/span\u003e\n\u003c/p\u003e\n\n# 🔒 EnvCloak\n\n\u003e \"Because Your Secrets Deserve Better Than Plaintext!\"\n\n![GitHub License](https://img.shields.io/github/license/Veinar/envcloak)\n![Contrib Welcome](https://img.shields.io/badge/contributions-welcome-blue)\n![Looking for](https://img.shields.io/badge/looking%20for-maintainers-228B22)\n![Code style](https://img.shields.io/badge/code%20style-black-black)\n![CI/CD Pipeline](https://github.com/Veinar/envcloak/actions/workflows/test.yaml/badge.svg)\n![Build Pipeline](https://github.com/Veinar/envcloak/actions/workflows/build.yaml/badge.svg)\n[![codecov](https://codecov.io/gh/Veinar/envcloak/graph/badge.svg?token=CJG1H1VUEX)](https://codecov.io/gh/Veinar/envcloak)\n[![CodeFactor](https://www.codefactor.io/repository/github/veinar/envcloak/badge)](https://www.codefactor.io/repository/github/veinar/envcloak)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9736/badge)](https://www.bestpractices.dev/projects/9736)\n\n![PyPI - Status](https://img.shields.io/pypi/status/envcloak?label=pypi%20status)\n![PyPI - Version](https://img.shields.io/pypi/v/envcloak)\n![PyPI - 
Downloads](https://img.shields.io/pypi/dm/envcloak)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/envcloak)\n\n\n\nWelcome to EnvCloak, the ultimate sidekick for developers, ops folks, and anyone who’s ever accidentally committed an API key to version control. (Yes, I know… it happens to the best of us. 😅) EnvCloak takes the stress out of managing environment variables by wrapping them in the cozy blanket of encryption, so you can focus on building awesome things—without the lingering fear of a security breach.\n\n\u003e If you find EnvCloak useful, please ⭐ the repository. It helps others discover this project! - thank you!\n\n## 🛠️ Installation\n\nIn order to install `envcloak` simply run:\n```bash\npip install envcloak\n```\nor if you want `dev` tools too 😎:\n```bash\npip install envcloak[dev]\n```\n\n\u003e 👋 There are also [self-contained binaries](examples/cli/README.md#get-yourself-a-envcloak-without-requirement-to-use-python-) for `Windows`, `Linux` and `MacOS`, don't have to use python at all! 🥳\n\n## 🚀 Example Workflow\n\n\u003e ℹ️ More examples are present in [examples](./examples) section.\n\n### Generating key:\n\n```bash\n# With password and salt\nenvcloak generate-key-from-password --password \"YourTopSecretPassword\" \\\n--salt \"e3a1c8b0d4f6e2c7a5b9d6f0cr2ad1a2\" --output secretkey.key\n\n# With password without salt (we will add random salt then)\nenvcloak generate-key-from-password --password \"YourTopSecretPassword\" --output secretkey.key\n\n# From random password and salt\nenvcloak generate-key --output secretkey.key\n```\n\n![generate-key-gif](https://veinar.pl/envcloak-generate-key.gif)\n\n\u003e **What it does:** generates your private key used to encrypt and decrypt files. **Appends (or creates if needed) .gitignore as well** as super-hero should! 
🎉\n\n\u003e ⚠ **Anyone who knows your password and salt (option 1) can recreate the same `key` - keep those values as safe as the `key` itself** ⚠\n\n### Encrypting Variables:\n\n\u003e ⚠️ This tool can encrypt more than `.env` files; `.env` is just an example! 😎\n\n```bash\nenvcloak encrypt --input .env --output .env.enc --key-file mykey.key\n```\n\n![encrypt-gif](https://veinar.pl/envcloak-encrypt.gif)\n\n\u003e **What it does:** Encrypts your `.env` file with a specified key, outputting a sparkling `.env.enc` file.\n\n### Decrypting Variables:\n\n```bash\nenvcloak decrypt --input .env.enc --output .env --key-file mykey.key\n```\n\n![decrypt-gif](https://veinar.pl/envcloak-decrypt.gif)\n\n\u003e **What it does:** Decrypts the `.env.enc` file back to `.env` using the same key. Voilà!\n\nor you may want to use it ...\n\n### 🐍 In Your Python Code\n\n```python\nfrom envcloak import load_encrypted_env\n\nload_encrypted_env('.env.enc', key_file='mykey.key').to_os_env()\n# Now os.environ contains the decrypted variables\n\n```\n\u003e **What it does:** Loads decrypted variables directly into `os.environ`. Secrets delivered, stress-free.\n\n## 🛠️ Implementation Details\n🔑 Encryption Algorithm\n\n* Powered by AES-256-GCM for speed and security.\n* Provides [`sha3` validation](docs/sha_validation.md) of files and content.\n\n🗝️ Key Storage\n\n* Local key files with strict permissions.\n* Secure environment variables for CI/CD systems.\n\n🗂️ File Handling\n\n* Works with individual files.\n* Works with directories using `--directory` instead of `--input` on `encrypt` and `decrypt`.\n\u003e ℹ️ EnvCloak processes files in a batch, one by one. 
\n* Can [recursively](docs/recursive.md) encrypt or decrypt directories.\n* Can list files in directory that will be encrypted using `--preview` flag (ℹ️ only for directories and it does not commit the operation!).\n\n🚦 Error Handling\n\n* Clear, friendly error messages for any hiccups.\n* Gracefully handles missing keys or corrupted files.\n\n✅ Compatibility of pipelines and systems\n\n* k8s / OKD / OCP deployments\n* Jenkins pipelines\n* Azure Pipelines\n* Github Workflows\n* Gitlab CI/CD Pipelines\n\n\n## 🎉 Why EnvCloak?\n\nBecause you deserve peace of mind. EnvCloak wraps your environment variables in layers of encryption goodness, protecting them from prying eyes and accidental slips. Whether you’re a solo dev or part of a big team, this tool is here to make managing secrets simple, secure, and downright pleasant.\n\nSo go ahead—secure your `.env` like a boss. And remember, EnvCloak isn’t just a tool; it’s your secret-keeping partner in crime. (But the good kind of crime. 😎)\n\n### Comparison of EnvCloak with Alternatives\n\n| Tool          | Strengths                               | Weaknesses                              |\n|---------------|----------------------------------------|-----------------------------------------|\n| **EnvCloak**  | Lightweight, Python-native, simple to integrate with CI/CD workflows. | Limited ecosystem compared to established tools. |\n| [**Sops**](https://github.com/mozilla/sops)      | Integrates with cloud providers, supports partial file encryption. | More complex to configure for beginners. |\n| [**BlackBox**](https://github.com/StackExchange/blackbox)  | Simple file-based encryption for Git repos. | Limited to GPG, lacks flexibility.     |\n| [**Vault**](https://www.vaultproject.io/)     | Robust, enterprise-grade with dynamic secrets. | High complexity, overkill for small projects. |\n| [**Confidant**](https://lyft.github.io/confidant/) | AWS IAM integration, designed for secure CI/CD workflows. 
| Requires AWS, limited to its ecosystem. |\n| [**Doppler**](https://www.doppler.com/)   | Centralized secret management with CI/CD integration. | Paid plans for advanced features, cloud-reliant. |\n\n\u003e **Key Differentiator for EnvCloak**: Focused specifically on Python developers and lightweight CI/CD needs, making it ideal for small to medium projects.\n\n## 🤔 What Do You Think?\nWe’d love to hear your thoughts about EnvCloak! Open an [issue](https://github.com/Veinar/envcloak/issues) or join the conversation in [Discussions](https://github.com/Veinar/envcloak/discussions).\n\n## 🌟  Hall of Fame\n\nA huge thanks to all our amazing contributors! 🎉\n\n\u003ca href=\"https://github.com/Veinar/envcloak/graphs/contributors\"\u003e\n\u003cimg src=\"https://contrib.rocks/image?repo=Veinar/envcloak\"/\u003e\n\u003c/a\u003e\n\n## 🔗 Get Started Today!\n\nDon’t let your API keys end up in the wrong hands (or on Twitter). Grab EnvCloak now and start encrypting like a pro.\n\nHappy `env` (and many other file types) Cloaking! 🕵️‍♂️\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveinar%2Fenvcloak","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fveinar%2Fenvcloak","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveinar%2Fenvcloak/lists"}