envseal 0.3.8

Write-only secret vault with process-level access control — post-agent secret management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

//! `.envseal` file format — drop-in `.env` replacement.
//!
//! A `.envseal` file maps environment variable names to vault secret names.
//! Unlike `.env`, it contains NO secret values — only references.
//!
//! # Format
//!
//! ```text
//! # .envseal — secret references (safe to commit to git)
//! DATABASE_URL=database-url
//! REDIS_URL=redis-url
//! CLOUDFLARE_API_TOKEN=cloudflare-api
//! OPENAI_API_KEY=openai-key
//! ```
//!
//! Each line is `ENV_VAR=secret-name`. The secret-name references a secret
//! stored in the envseal vault. The actual values never appear in this file.
//!
//! # Submodules
//!
//! - [`parser`] — Parse a `.envseal` file or buffer into mappings, plus the
//!   naming-convention helpers (`secret_name_to_env_var`, etc.).
//! - [`discovery`] — Walk-up project discovery and global `~/.envseal`
//!   resolution; merges project mappings over global ones.
//!
//! Public types/functions are re-exported at the module root for ergonomic
//! access (`envseal::file::EnvMapping`, etc.).

pub mod discovery;
pub mod parser;

pub use discovery::{discover, discover_and_load, global_envseal_path};
pub use parser::{
    auto_map_from_names, env_var_to_secret_name, parse_envseal_contents, parse_envseal_file,
    parse_envseal_from_open_file, secret_name_to_env_var, EnvMapping,
};