Use envy
to manage sensitive environment variables when running commands.
github.com/shoenig/envy
provides a CLI utility for running commands with secret
environment variables like GITHUB_TOKEN
, etc.
envy
builds on ideas from envchain and schain.
It makes use of the go-keyring library for multi-platform keyring management.
Encryption is based on Go's built-in crypto/aes
library.
Persistent storage is managed through boltdb.
Supports Linux, macOS, and Windows
The envy
command is available to download from the Releases page.
Multiple operating systems and architectures are supported, including
- Linux
- macOS
- Windows
The envy
command can be installed from source by running
$ go install github.com/shoenig/envy@latest
Subcommands for envy:
exec Run a command with environment variables from namespace.
use `-insulate` to exclude external environment variables
list List available namespaces.
purge Remove a namespace and all of its environment variables.
set Set/Update/Remove environment variable(s) for namespace.
show Show environment variable(s) in namespace.
use `-decrypt` to include decrypted values
$ envy set example FOO=1 BAR=2 BAZ=3
$ envy set example FOO=4
$ envy set example -FOO
$ envy exec example env
BAR=2
BAZ=3
... <many more from user> ...
$ envy exec -insulate example env
BAR=2
BAZ=3
$ envy exec -insulate example EXTRA=value env
EXTRA=value
BAR=2
BAZ-3
$ envy list
consul/connect-acls:no_tls
example
nomad/e2e
test
$ envy show test
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
$ envy show -decrypt test
AWS_ACCESS_KEY_ID=aaabbbccc
AWS_SECRET_ACCESS_KEY=233kjsdf309jfsd
$ envy purge test
purged namespace "test"
The github.com/shoenig/envy
module is always improving with new features
and error corrections. For contributing bug fixes and new features please file
an issue.
The github.com/shoenig/envy
module is open source under the MIT license.