envcheck
A fast, modern Rust CLI for linting .env files and ensuring environment synchronization across your entire DevSecOps stack.
โจ Features
Core
- Lint - Detects duplicate keys, invalid syntax, empty values, trailing whitespace, unsorted keys
- Compare - Identifies missing keys across multiple environment files
- Fix - Auto-fix issues with
--commitand--prflags for CI integration - TUI - Interactive terminal UI for comparing and merging
.envfiles
DevSecOps Integrations
| Integration | Command | What it checks |
|---|---|---|
| Kubernetes | envcheck k8s-sync |
SecretKeyRef/ConfigMapKeyRef vs .env |
| Terraform | envcheck terraform |
TF_VAR_* variable usage |
| Ansible | envcheck ansible |
lookup('env', 'VAR') calls |
| GitHub Actions | envcheck actions |
env: blocks in workflows |
| Helm | envcheck helm |
SCREAMING_SNAKE_CASE in values.yaml |
| ArgoCD | envcheck argo |
plugin.env and kustomize.commonEnv |
Output Formats
- Text - Colored terminal output (default)
- JSON - Machine-readable for pipelines
- GitHub - Native GitHub Actions annotations
- SARIF - GitHub Security tab integration
- PR Comment - Markdown for PR/MR comments
๐ Installation
Cargo (Recommended)
npm
# or use without installing
Homebrew
Binary Releases
Download pre-built binaries from GitHub Releases.
๐ Usage
Lint .env files
Compare environments
Fix issues automatically
Interactive TUI
K8s Sync
Terraform
Ansible
GitHub Actions
Helm
ArgoCD
Shell Completions
๐ Lint Rules
| ID | Rule | Severity | Description |
|---|---|---|---|
E001 |
Duplicate Key | Error | Key defined multiple times |
E002 |
Invalid Syntax | Error | Line is not KEY=VALUE |
W001 |
Empty Value | Warning | Key has no value |
W002 |
Trailing Whitespace | Warning | Line ends with whitespace |
W003 |
Unsorted Keys | Warning | Keys are not alphabetically sorted |
W004 |
Missing Key | Warning | Key missing in comparison file |
W005 |
K8s Missing Env | Warning | Key in K8s not in .env |
W006 |
Unused Env | Info | Key in .env not in K8s |
โ๏ธ Configuration
Create .envcheckrc.yaml or .envcheckrc.toml in your project root:
# .envcheckrc.yaml
rules:
disable:
- W003 # Don't warn about unsorted keys
warnings_as_errors: false
ignore:
- "*.local"
- ".env.development"
format: text
files:
- .env
- .env.example
.envcheckignore
# Ignore patterns (like .gitignore)
*.local
.env.development
tests/fixtures/**
JSON Schema for IDE autocompletion: https://envcheck.github.io/schema/envcheckrc.json
๐ CI/CD Integration
GitHub Actions
- uses: envcheck/action-envcheck@v1
with:
command: lint
args: .env.example .env
format: github
Pre-commit
repos:
- repo: https://github.com/envcheck/envcheck
rev: v0.1.0
hooks:
- id: envcheck-lint
args:
- id: envcheck-k8s
args:
GitLab CI
envcheck:
image: rust:latest
script:
- cargo install envcheck
- envcheck lint .env --format json > envcheck-report.json
artifacts:
reports:
codequality: envcheck-report.json
๐๏ธ Architecture
envcheck/
โโโ envcheck/ # Core Rust CLI (this repo)
โโโ envcheck-npm/ # npm wrapper package
โโโ action-envcheck/ # GitHub Action
โโโ envcheck.github.io/ # Documentation website
๐ง Performance
- Parallel processing with Rayon
- Zero-copy parsing with
Cow<str>for reduced allocations - Benchmarks available via
cargo bench
parse_env_file: ~3.3 ยตs
lint_rules: ~2.3 ยตs
๐ค Comparison
| Feature | envcheck | dotenv-linter |
|---|---|---|
| Linting | โ | โ |
| Compare | โ | โ |
| Auto-fix | โ + commit/PR | โ |
| K8s Sync | โ | โ |
| Terraform | โ | โ |
| Ansible | โ | โ |
| GitHub Actions | โ | โ |
| Helm | โ | โ |
| ArgoCD | โ | โ |
| TUI | โ | โ |
| SARIF | โ | โ |
| Config files | โ | โ |
| Shell completions | โ | โ |
๐ฆ Related Packages
- envcheck-npm - npm wrapper
- action-envcheck - GitHub Action
- envcheck.github.io - Documentation
๐ License
MIT