Thanks to visit codestin.com
Credit goes to github.com

Skip to content

jainal09/envdrift

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

174 Commits
.github
.github
 
 
docs
docs
 
 
envdrift-agent
envdrift-agent
 
 
envdrift-vscode
envdrift-vscode
 
 
examples
examples
 
 
src/envdrift
src/envdrift
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.markdownlint.json
.markdownlint.json
 
 
.markdownlintignore
.markdownlintignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.release-please-manifest.json
.release-please-manifest.json
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
commitlint.config.cjs
commitlint.config.cjs
 
 
install.ps1
install.ps1
 
 
install.sh
install.sh
 
 
mkdocs.yml
mkdocs.yml
 
 
pyproject.toml
pyproject.toml
 
 
release-please-config.json
release-please-config.json
 
 
renovate.json
renovate.json
 
 

Repository files navigation

envdrift logo

envdrift

PyPI version Python 3.11+ License: MIT Docs codecov

Sync environment variables across your team. No more "it works on my machine."

The Problem

  • New developer joins → spends half a day hunting for the right .env values
  • Someone updates a secret → nobody else knows until production breaks
  • "Can you send me the latest API keys?" in Slack → security nightmare

Paid SaaS solutions exist, but do you really want your production secrets on someone else's infrastructure?

The Solution

envdrift is an open-source CLI that syncs encrypted .env files using your existing cloud vault. No hosted service, no additional servers, no third-party trust.

  • Your infrastructure — Works with Azure Key Vault, AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager
  • Zero trust required — Secrets never leave your cloud
  • No new servers — Just a CLI tool, no client-server architecture
  • Free forever — MIT licensed, no per-seat pricing
# New team member onboarding - one command
envdrift pull

# That's it. Keys synced from vault, .env files decrypted, ready to code.

Installation

One-liner (recommended):

# macOS / Linux
curl -sSL https://raw.githubusercontent.com/jainal09/envdrift/main/install.sh | sh

# Windows (PowerShell)
irm https://raw.githubusercontent.com/jainal09/envdrift/main/install.ps1 | iex

Or via pip:

pip install "envdrift[vault]"  # All vault providers

Quick Start

1. Encrypt and push to vault (once per project):

envdrift encrypt .env.production
envdrift vault-push . my-app-key --provider azure --vault-url https://myvault.vault.azure.net/

2. Team members pull instantly:

envdrift pull --provider azure --vault-url https://myvault.vault.azure.net/

3. Daily workflow:

envdrift pull   # After git pull - sync keys, decrypt
envdrift lock   # Before commit - encrypt, verify keys

Beyond Sync

Feature Description
Schema Validation Validate .env against Pydantic schemas
Environment Diffing Compare dev vs staging vs production
Vault Integration Azure, AWS, HashiCorp, GCP
Encryption dotenvx and SOPS backends
CI/CD Mode Fail builds on misconfiguration 
envdrift validate .env --schema config:Settings
envdrift diff .env.dev .env.prod

Documentation

Full documentation: jainal09.github.io/envdrift

License

MIT

About

Prevent environment variable drift with Pydantic schema validation, pre-commit hooks, and dotenvx encryption

jainal09.github.io/envdrift/

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 12

v10.9.0 Latest
Feb 28, 2026
+ 11 releases

Packages

 
 
 

Contributors

Languages