
Extends the proven & trusted foundation of python-dotenv, with a .env.vault file.
The extended standard lets you load encrypted secrets from your .env.vault file in production (and other) environments. Brought to you by the same people that pioneered dotenv-nodejs.
pip install python-dotenv-vault
Development usage works just like python-dotenv.
Add your application configuration to your .env file in the root of your project:
S3_BUCKET=YOURS3BUCKET
SECRET_KEY=YOURSECRETKEYGOESHERE
As early as possible in your application bootstrap process, load .env:
import os
from dotenv_vault import load_dotenv
load_dotenv() # take environment variables from .env.
# Code of your application, which uses environment variables (e.g. from `os.environ` or
# `os.getenv`) as if they came from the actual environment.
When your application loads, these variables will be available in os.environ or os.getenv:
import os
s3_bucket = os.getenv("S3_BUCKET")
print(s3_bucket)
Encrypt your environment variables by doing:
npx dotenv-vault local build
This will create an encrypted .env.vault file along with a .env.keys file containing the encryption keys. Set the DOTENV_KEY environment variable by copying and pasting the key value from the .env.keys file onto your server or cloud provider. For example, on Heroku:
heroku config:set DOTENV_KEY=<key string from .env.keys>
Commit your .env.vault file safely to code and deploy. Your .env.vault will be decrypted on boot, its environment variables injected, and your app will work as expected.
Note that when the DOTENV_KEY environment variable is set, environment settings will always be loaded from the .env.vault file in the project root. For development use, you can leave the DOTENV_KEY environment variable unset and fall back on the dotenv behaviour of loading from .env or a specified set of files (see the dotenv README for the details).
You have two options for managing multiple environments - locally managed or vault managed - both use dotenv-vault.
Locally managed never makes a remote API call. It is completely managed on your machine. Vault managed adds conveniences like backing up your .env file, secure sharing across your team, access permissions, and version history. Choose what works best for you.
Create a .env.production file in the root of your project and put your production values there.
# .env.production
S3_BUCKET="PRODUCTION_S3BUCKET"
SECRET_KEY="PRODUCTION_SECRETKEYGOESHERE"
Rebuild your .env.vault file.
npx dotenv-vault local build
View your .env.keys file. There is a production DOTENV_KEY that pairs with the DOTENV_VAULT_PRODUCTION cipher in your .env.vault file.
Set the production DOTENV_KEY on your server, recommit your .env.vault file to code, and deploy. That's it!
Your .env.vault will be decrypted on boot, its production environment variables injected, and your app will work as expected.
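The key-to-cipher pairing described above can be checked before a deploy. This is an added example, not code from python-dotenv-vault: it assumes the key string is a URI of the form dotenv://:key_...@host/vault/.env.vault?environment=NAME, that several keys may be comma-separated, and it only reports the pairing without decrypting anything. The function names are hypothetical.

```python
from urllib.parse import parse_qsl, urlparse

def parse_vault(text):
    """Return {NAME: value} for the KEY=VALUE lines of a .env.vault file."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        entries[name.strip()] = value.strip().strip('"')
    return entries

def pair_keys(dotenv_key, vault_text):
    """Report which DOTENV_VAULT_<ENV> entry each comma-separated key targets.

    Returns (environment, vault_entry_name, status) tuples. The key material
    itself is never returned, so the report is safe to log.
    """
    vault = parse_vault(vault_text)
    report = []
    for raw in dotenv_key.split(","):
        uri = urlparse(raw.strip())
        env = dict(parse_qsl(uri.query)).get("environment")
        # Assumed key shape: dotenv scheme, secret in the password field,
        # target environment in the query string.
        if uri.scheme != "dotenv" or not uri.password or not env:
            report.append((env, None, "malformed key"))
            continue
        name = "DOTENV_VAULT_" + env.upper()
        status = "ok" if vault.get(name) else "no matching cipher in .env.vault"
        report.append((env, name, status))
    return report

# Constructed sample data: placeholder ciphertexts and key strings, not real secrets.
SAMPLE_VAULT = """
# .env.vault (constructed)
DOTENV_VAULT_DEVELOPMENT="Zm9vYmFy"
DOTENV_VAULT_PRODUCTION="YmF6cXV4"
"""
SAMPLE_KEYS = (
    "dotenv://:key_aaaa@dotenv.local/vault/.env.vault?environment=production,"
    "dotenv://:key_bbbb@dotenv.local/vault/.env.vault?environment=staging"
)

if __name__ == "__main__":
    for env, name, status in pair_keys(SAMPLE_KEYS, SAMPLE_VAULT):
        print(f"{env}: {name} -> {status}")
```

A "no matching cipher" result means the committed .env.vault was built without that environment, so the key set on the server has nothing to unlock.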
Sync your .env file. Run the push command and follow the instructions.
$ npx dotenv-vault push
Manage multiple environments with the included UI.
$ npx dotenv-vault open
Build your .env.vault file with multiple environments.
$ npx dotenv-vault build
Access your DOTENV_KEY.
$ npx dotenv-vault keys
Set the production DOTENV_KEY on your server, recommit your .env.vault file to code, and deploy. That's it!
DOTENV_KEY is not set?
Dotenv Vault gracefully falls back to python-dotenv when DOTENV_KEY is not set. This is the default for development so that you can focus on editing your .env file and save the build command until you are ready to deploy those environment variable changes.
.env file?
No. We strongly recommend against committing your .env file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.
.env.vault file?
Yes. It is safe and recommended to do so. It contains your encrypted envs, and your vault identifier.
DOTENV_KEY?
No. It is the key that unlocks your encrypted environment variables. Be very careful who you share this key with. Do not let it leak.
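The commit rules in the answers above can be enforced mechanically. This is an added example, not part of python-dotenv-vault: a check over the files staged for a commit that allows .env.vault, blocks .env, .env.<environment> and .env.keys, and flags a key string pasted into any other file. The dotenv://:key_... pattern is an assumption about the key's shape, and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Assumed shape of a DOTENV_KEY value: dotenv://:key_<hex>@host/...
KEY_RE = re.compile(r"dotenv://:key_[0-9a-fA-F]+@")

def classify(path):
    """Decide how a staged path is treated, based on its file name."""
    name = PurePosixPath(path).name
    if name == ".env.vault":
        return "allow"   # encrypted, meant to be committed
    if name == ".env.keys":
        return "block"   # holds the keys that decrypt the vault
    if name == ".env" or name.startswith(".env."):
        return "block"   # plaintext values (.env, .env.production, ...)
    return "scan"        # ordinary file: look for a pasted key

def check_commit(files):
    """files maps path -> text content. Return sorted (path, reason) findings."""
    findings = []
    for path, text in files.items():
        verdict = classify(path)
        if verdict == "block":
            findings.append((path, "plaintext env or key file staged"))
        elif verdict == "scan" and KEY_RE.search(text):
            findings.append((path, "DOTENV_KEY value embedded in file"))
    return sorted(findings)

# Constructed sample commit: file contents are placeholders, not real secrets.
SAMPLE_COMMIT = {
    ".env.vault": 'DOTENV_VAULT_PRODUCTION="YmF6cXV4"',
    ".env.keys": "DOTENV_KEY_PRODUCTION=placeholder",
    "config/.env.production": 'S3_BUCKET="PRODUCTION_S3BUCKET"',
    "deploy.sh": "export DOTENV_KEY='dotenv://:key_abcd1234@dotenv.local"
                 "/vault/.env.vault?environment=production'",
    "app.py": "from dotenv_vault import load_dotenv\nload_dotenv()\n",
}

if __name__ == "__main__":
    for path, reason in check_commit(SAMPLE_COMMIT):
        print(f"BLOCK {path}: {reason}")
```

In a pre-commit hook the dictionary would be built from the paths listed by `git diff --cached --name-only`; a project that commits a template file under a .env.* name needs an explicit exception in `classify`.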
git checkout -b my-new-feature
git commit -am 'Added some feature'
git push origin my-new-feature
See CHANGELOG.md
MIT
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
## 0.6.4
### Changed
find_dotenv. #17
python-dotenv
build for release build
DOTENV_KEY. Add multiple keys to your DOTENV_KEY for use with decryption. Separate with a comma.
DOTENV_KEY is set.
Please see commit history.
FAQs
Decrypt .env.vault file.
We found that python-dotenv-vault demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.