Prevent environment variable drift with Pydantic schema validation, pre-commit hooks, and dotenvx encryption
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
envdrift
Sync environment variables across your team. No more "it works on my machine."
The Problem
- New developer joins → spends half a day hunting for the right
.envvalues - Someone updates a secret → nobody else knows until production breaks
- "Can you send me the latest API keys?" in Slack → security nightmare
Paid SaaS solutions exist, but do you really want your production secrets on someone else's infrastructure?
The Solution
envdrift is an open-source CLI that syncs encrypted .env files using your existing cloud vault.
No hosted service, no additional servers, no third-party trust.
- Your infrastructure — Works with Azure Key Vault, AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager
- Zero trust required — Secrets never leave your cloud
- No new servers — Just a CLI tool, no client-server architecture
- Free forever — MIT licensed, no per-seat pricing
# New team member onboarding - one command
envdrift pull
# That's it. Keys synced from vault, .env files decrypted, ready to code.
Installation
One-liner (recommended):
# macOS / Linux
curl -sSL https://raw.githubusercontent.com/jainal09/envdrift/main/install.sh | sh
# Windows (PowerShell)
irm https://raw.githubusercontent.com/jainal09/envdrift/main/install.ps1 | iex
Or via pip:
pip install "envdrift[vault]" # All vault providers
Quick Start
1. Encrypt and push to vault (once per project):
envdrift encrypt .env.production
envdrift vault-push . my-app-key --provider azure --vault-url https://myvault.vault.azure.net/
2. Team members pull instantly:
envdrift pull --provider azure --vault-url https://myvault.vault.azure.net/
3. Daily workflow:
envdrift pull # After git pull - sync keys, decrypt
envdrift lock # Before commit - encrypt, verify keys
Beyond Sync
| Feature | Description |
|---|---|
| Schema Validation | Validate .env against Pydantic schemas |
| Environment Diffing | Compare dev vs staging vs production |
| Vault Integration | Azure, AWS, HashiCorp, GCP |
| Encryption | dotenvx and SOPS backends |
| CI/CD Mode | Fail builds on misconfiguration |
envdrift validate .env --schema config:Settings
envdrift diff .env.dev .env.prod
Documentation
Full documentation: jainal09.github.io/envdrift
License
MIT
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file envdrift-10.9.3.tar.gz.
File metadata
- Download URL: envdrift-10.9.3.tar.gz
- Upload date:
- Size: 4.0 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.12 {"installer":{"name":"uv","version":"0.11.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8c68f50b617bac25066b2fdd02824f7e9a535029496b606355e7f84f2629b89b
|
|
| MD5 |
2793159fdd63bbf231cf648f3ae2c28a
|
|
| BLAKE2b-256 |
a091794467602ed971f3ce1e4c41b7b87a4b9c264202ae9d7ea04edb972876d5
|
File details
Details for the file envdrift-10.9.3-py3-none-any.whl.
File metadata
- Download URL: envdrift-10.9.3-py3-none-any.whl
- Upload date:
- Size: 215.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.12 {"installer":{"name":"uv","version":"0.11.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1db6ed2835f2bdf797c765a4bb254a19715360203a8e61203b3c2c1e7343512d
|
|
| MD5 |
d208d70d4674449638ebcbfa2c0e6ca0
|
|
| BLAKE2b-256 |
010f8b7363da6e73ef259cb3c9773c8cd5cbd4f011d35aa2c95b04e82ef35f39
|
