envx-secure 0.1.0

A CLI for .env file management: diff, audit, and encrypt
envx-secure-0.1.0 is not a library.
Visit the last successful build: envx-secure-0.1.3

envx

A fast, opinionated CLI for .env file management — diff, audit, encrypt.

Install

cargo install --path .

Commands

envx diff <file-a> <file-b>

Semantic diff between two env files. Highlights added, removed, and changed keys. Values for sensitive keys (SECRET, KEY, TOKEN, PASSWORD, etc.) are always redacted.

Exits 0 if files are identical, 1 if differences are found.

local vs staging:

diff local vs staging

staging vs production:

diff staging vs production

envx audit --schema <schema-file> <env-file>

Validates an env file against a schema. The schema is a plain-text file with one required key per line (# comments allowed).

  • ✗ MISSING — required key absent → error
  • ⚠ EMPTY — required key present but blank → error
  • ⚠ EXTRA — key present but not declared in schema → warning

Exits 0 if no errors (warnings are OK), 1 if any required keys are missing or empty.

Failing audit (.env.local is missing SENTRY_DSN):

audit local fail

Passing audit (.env.staging satisfies all required keys):

audit staging pass

envx encrypt <file> / envx decrypt <file>

Encrypts an env file with a passphrase using age. Prompts twice on encrypt (confirmation), once on decrypt.

# Produces .env.staging.age — original is kept
envx encrypt examples/.env.staging

# Restores to examples/.env.staging
envx decrypt examples/.env.staging.age

The original file is never deleted automatically.

Example files

File Purpose
examples/.env.local Local development defaults
examples/.env.staging Staging environment
examples/.env.production Production environment
docs/examples/.env.schema Schema used in audit examples

Development

cargo build
cargo clippy -- -D warnings
cargo fmt