Powerful helper utility to create shell alias commands to easily set collections of environment variables often with secret values from a variety of data-sources and data-formats.

threatpatrols/env-alias

Env Alias

Env Alias is an environment variable Swiss Army knife that loads complex collections of environment variables from a variety of sources only when you require them, thus reducing the risks of working with sensitive environment values.

A variety of data formats are supported, including JSON, YAML, Keepass, Ansible Vault, Plaintext and Ini-config. These formats can be sourced from the local filesystem, from an http-remote, or from the output of a shell-command exec.

For example, the following definition sets an Ansible Vault password file and loads AWS access credentials from values stored in a Keepass file kept in a git project:

env-alias:

  MYPROJECT_KEEPASS_FILE:
    name: null  # prevents this value being assigned into env
    exec: 'echo "$(git rev-parse --show-toplevel)/secrets/myproject-keepass.kdbx"'
  
  MYPROJECT_KEEPASS_PASSPHRASE:
    source: "<getpass>"  # obtain value from user-input using getpass method
    override: false  # if this env-value exists then skip setting again
    
  MYPROJECT_ANSIBLE_VAULT_PASSWORD:
    name: null  # prevents this value being assigned into env
    source: "env:MYPROJECT_KEEPASS_FILE"
    selector: "myproject-name/ansible-vault-entry-name:Password"  # select an item from Keepass file
    keepass_password: "env:MYPROJECT_KEEPASS_PASSPHRASE"

  ANSIBLE_VAULT_PASSWORD_FILE:
    ansible_vault_password: "env:MYPROJECT_ANSIBLE_VAULT_PASSWORD"  # NB: see docs how this gets managed
    ansible_vault_password_file: true  # invoke special helper that renders an Ansible Vault password file

  AWS_SECRET_ACCESS_KEY:
    source: "env:MYPROJECT_KEEPASS_FILE"
    selector: "myproject-name/aws-entry-name:Password"
    keepass_password: "env:MYPROJECT_KEEPASS_PASSPHRASE"
    
  AWS_ACCESS_KEY_ID:
    source: "env:MYPROJECT_KEEPASS_FILE"
    selector: "myproject-name/aws-entry-name:Username"
    keepass_password: "env:MYPROJECT_KEEPASS_PASSPHRASE"

The above example sets the environment variable MYPROJECT_KEEPASS_PASSPHRASE from user input using the getpass Python module, only if it is not already set (override: false). This environment value is then used as the Keepass passphrase to open a Keepass file, from which values are selected and exported into the shell environment.
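Before wiring a definition into a shell, it helps to know which values will end up in the environment and which stay internal. The sketch below is an added example, not code from the env-alias project: it audits a definition that is assumed to be already parsed into a dict (DEFINITION is constructed from the example above, with YAML null as None), and the audit function and its report keys are hypothetical names.

```python
# Added example (not env-alias code): audit what a definition exports.
# DEFINITION is constructed from the README example; YAML null becomes None.
KP_FILE = "env:MYPROJECT_KEEPASS_FILE"
KP_PASS = "env:MYPROJECT_KEEPASS_PASSPHRASE"
DEFINITION = {
    "MYPROJECT_KEEPASS_FILE": {
        "name": None,
        "exec": 'echo "$(git rev-parse --show-toplevel)/secrets/myproject-keepass.kdbx"',
    },
    "MYPROJECT_KEEPASS_PASSPHRASE": {"source": "<getpass>", "override": False},
    "MYPROJECT_ANSIBLE_VAULT_PASSWORD": {
        "name": None, "source": KP_FILE, "keepass_password": KP_PASS,
        "selector": "myproject-name/ansible-vault-entry-name:Password",
    },
    "ANSIBLE_VAULT_PASSWORD_FILE": {
        "ansible_vault_password": "env:MYPROJECT_ANSIBLE_VAULT_PASSWORD",
        "ansible_vault_password_file": True,
    },
    "AWS_SECRET_ACCESS_KEY": {
        "source": KP_FILE, "keepass_password": KP_PASS,
        "selector": "myproject-name/aws-entry-name:Password",
    },
    "AWS_ACCESS_KEY_ID": {
        "source": KP_FILE, "keepass_password": KP_PASS,
        "selector": "myproject-name/aws-entry-name:Username",
    },
}
REF_PREFIX = "env:"

def audit(definition):
    """Classify entries as exported or internal and resolve env: references."""
    # An explicit `name: null` keeps the value out of the exported environment.
    internal = sorted(k for k, v in definition.items()
                      if "name" in v and v["name"] is None)
    exported = sorted(k for k in definition if k not in internal)
    referenced = set()
    for fields in definition.values():
        for value in fields.values():
            if isinstance(value, str) and value.startswith(REF_PREFIX):
                referenced.add(value[len(REF_PREFIX):])
    return {
        "exported": exported,
        "internal_only": internal,
        # Exported values that other entries consume: review for `name: null`.
        "exported_and_referenced": sorted(referenced & set(exported)),
        # Names not defined in the file come from the existing environment.
        "from_system_env": sorted(referenced - set(definition)),
    }

if __name__ == "__main__":
    for key, names in audit(DEFINITION).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

For the definition above, the only exported value that other entries consume is MYPROJECT_KEEPASS_PASSPHRASE: override: false skips the prompt while it is set, and the passphrase stays readable in that shell's environment for as long as it is.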

Substantially more complex env-alias definitions can be created.

Naming your env-aliases with an easy-to-remember prefix such as env- also lets you use shell tab-completion, making it easier to find the env-alias definitions created for your project or other use case.

Features

Env Alias is enormously useful in working with large sets of environment variables from remote, encrypted or otherwise secured data-sources.

  • Data sources: local-files, http-remote and stdout from an exec command-line.
  • Source formats supported: JSON, YAML, Keepass, Ansible Vault, Plaintext and Ini-config.
  • Select values using jq style selectors, xpath style selectors or line-numbers.
  • 💥 Additional special handling for Ansible Vault Password Files that makes credential handling for Ansible Vault files substantially easier with reduced exposure risks. 💥
  • Self reference environment values in the definition file or from the existing system environment.
  • Define variables with a null name to prevent them being exported into the system environment while still being available for self-reference within the env-alias definition; this is helpful when working with sensitive values that should not be available through the system environment.
  • Ability to use exec commands to setup other project prerequisites or other project start conditions.
  • Debug mode output to STDERR.
  • Easy installation from PyPI.
  • Plenty of documentation and examples - https://threatpatrols.github.io/env-alias

Installation

Pip or pipx should be fine; we prefer pipx these days.

pipx install env-alias

Usage

This tool is typically invoked through an entry in .bash_aliases of the form:

source <(env-alias ~/projects/awesome/env-awesome-vars.yml)

This simple .bash_aliases one-line entry creates the alias env-awesome-project by inferring the alias-name from the filename, where this alias then invokes env-alias to set environment values defined in env-awesome-project.yml

Alternatively, you might want to create the alias awesome-envvars, which you can do by passing the alias name explicitly:

source <(env-alias awesome-envvars ~/projects/awesome/env-awesome-vars.yml)

Project

This project was migrated from github.com/ndejong/env-alias to github.com/threatpatrols/env-alias in March 2025.
