dotenvage 0.6.0

Dotenv with age encryption: encrypt/decrypt secrets in .env files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230

"""Type stubs for dotenvage Python bindings."""

from typing import Final

__version__: Final[str]

class SecretManager:
    """Manager for encrypting and decrypting secrets using age encryption."""

    def __init__(self) -> None:
        """Create a SecretManager by loading the key from standard locations.

        Key discovery order:
        0. Auto-discover AGE_KEY_NAME from .env or .env.local files
        1. DOTENVAGE_AGE_KEY environment variable (full identity string)
        2. AGE_KEY environment variable
        3. EKG_AGE_KEY environment variable
        4. Key file from AGE_KEY_NAME ({namespace}/{keyname})
           e.g., myapp/production -> ~/.local/state/myapp/production.key
        5. Default: ~/.local/state/dotenvage/dotenvage.key

        Raises:
            RuntimeError: If no valid key can be found or loaded.
        """
        ...

    @staticmethod
    def generate() -> SecretManager:
        """Generate a new random identity (key pair).

        Returns:
            A new SecretManager with a freshly generated key pair.

        Raises:
            RuntimeError: If key generation fails.
        """
        ...

    @staticmethod
    def from_identity_string(identity: str) -> SecretManager:
        """Create a SecretManager from an existing age identity string.

        Args:
            identity: An age identity string (starts with AGE-SECRET-KEY-).

        Returns:
            A SecretManager using the provided identity.

        Raises:
            ValueError: If the identity string is invalid.
        """
        ...

    @staticmethod
    def is_encrypted(value: str) -> bool:
        """Check if a value is in a recognized encrypted format.

        Args:
            value: The value to check.

        Returns:
            True if the value matches the ENC[AGE:b64:...] format.
        """
        ...

    def public_key_string(self) -> str:
        """Get the public key as a string in age format.

        Returns:
            The public key string (starts with age1).
        """
        ...

    def encrypt_value(self, plaintext: str) -> str:
        """Encrypt a plaintext value.

        Args:
            plaintext: The value to encrypt.

        Returns:
            The encrypted value in ENC[AGE:b64:...] format.

        Raises:
            RuntimeError: If encryption fails.
        """
        ...

    def decrypt_value(self, value: str) -> str:
        """Decrypt a value if it's encrypted, otherwise return unchanged.

        Args:
            value: The value to decrypt (may or may not be encrypted).

        Returns:
            The decrypted plaintext, or the original value if not encrypted.

        Raises:
            RuntimeError: If decryption fails for an encrypted value.
        """
        ...

class EnvLoader:
    """Loader for .env files with automatic decryption of encrypted values."""

    def __init__(self) -> None:
        """Create an EnvLoader with a default SecretManager.

        Raises:
            RuntimeError: If the default SecretManager cannot be created.
        """
        ...

    @staticmethod
    def with_manager(manager: SecretManager) -> EnvLoader:
        """Create an EnvLoader with a specific SecretManager.

        Args:
            manager: The SecretManager to use for decryption.

        Returns:
            An EnvLoader using the provided manager.
        """
        ...

    def load(self) -> list[str]:
        """Load .env files from the current directory.

        Files are loaded in specificity order, with later files overriding
        earlier ones. Encrypted values are automatically decrypted and
        loaded into the process environment.

        Returns:
            List of file paths that were actually loaded, in load order.

        Raises:
            RuntimeError: If loading fails.
        """
        ...

    def load_from_dir(self, dir: str) -> list[str]:
        """Load .env files from a specific directory.

        Args:
            dir: The directory to load .env files from.

        Returns:
            List of file paths that were actually loaded, in load order.

        Raises:
            RuntimeError: If loading fails.
        """
        ...

    def get_all_variable_names(self) -> list[str]:
        """Get all variable names from .env files in the current directory.

        Returns:
            List of variable names defined in .env files.

        Raises:
            RuntimeError: If reading fails.
        """
        ...

    def get_all_variable_names_from_dir(self, dir: str) -> list[str]:
        """Get all variable names from .env files in a specific directory.

        Args:
            dir: The directory to scan for .env files.

        Returns:
            List of variable names defined in .env files.

        Raises:
            RuntimeError: If reading fails.
        """
        ...

    def get_all_variables(self) -> dict[str, str]:
        """Load and return all variables as a dictionary.

        This loads variables into the process environment first, then
        returns them as a dictionary with decrypted values.

        Returns:
            Dictionary mapping variable names to their (decrypted) values.

        Raises:
            RuntimeError: If loading fails.
        """
        ...

    def get_all_variables_from_dir(self, dir: str) -> dict[str, str]:
        """Load and return all variables from a directory as a dictionary.

        Args:
            dir: The directory to load .env files from.

        Returns:
            Dictionary mapping variable names to their (decrypted) values.

        Raises:
            RuntimeError: If loading fails.
        """
        ...

    def resolve_env_paths(self, dir: str) -> list[str]:
        """Compute the ordered list of .env file paths that would be loaded.

        Args:
            dir: The directory to resolve paths for.

        Returns:
            Ordered list of .env file paths (may include non-existent files).
        """
        ...

def should_encrypt(key: str) -> bool:
    """Check if a key name should be encrypted based on auto-detection patterns.

    Keys containing PASSWORD, SECRET, KEY, TOKEN, CREDENTIAL, AUTH, PRIVATE,
    and similar patterns are detected as sensitive.

    Args:
        key: The environment variable name to check.

    Returns:
        True if the key name matches sensitive patterns.
    """
    ...