secure-dotenv 0.1.0__tar.gz

secure_dotenv-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Nishanth
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

secure_dotenv-0.1.0/PKG-INFO

@@ -0,0 +1,294 @@
+Metadata-Version: 2.4
+Name: secure-dotenv
+Version: 0.1.0
+Summary: The AI-safe, replacement for Python .env files.
+Author-email: Nishanth K R <itsmenishanthkr@gmail.com>
+License-Expression: MIT
+Classifier: Programming Language :: Python :: 3
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: keyring>=24.0.0
+Requires-Dist: watchdog>=3.0.0
+Requires-Dist: fastapi>=0.100.0
+Requires-Dist: uvicorn>=0.23.0
+Requires-Dist: click>=8.1.0
+Dynamic: license-file
+
+
+# 🔐 Secure dotenv
+
+<img src="./assets/logo.png" alt="Secure dotenv" width="800"/>
+
+**Secure dotenv** is a secure replacement for traditional `.env` files.  
+It automatically moves secrets into a secure vault while keeping your development workflow unchanged.
+
+Your application still reads environment variables the same way — but **secrets never remain in plaintext `.env` files**.
+
+---
+
+# Why Secure dotenv?
+
+Traditional `.env` files are convenient but unsafe.
+
+Common problems:
+
+- Secrets stored in plaintext
+- Secrets accidentally committed to Git
+
+**Secure dotenv fixes this automatically.**
+
+- Secrets are moved to a secure vault
+- `.env` files keep only the keys
+- Secrets are restored to memory at runtime
+- No changes required in your application logic
+
+---
+
+# Features
+
+- 🔐 Automatically moves secrets to a secure vault
+- 🧠 Drop-in replacement for `dotenv`
+- 🚫 Prevents accidental secret commits
+- 🔁 Incremental secret migration
+- 🗂 Supports multiple projects
+- 🌎 Multiple environment profiles (`.env`, `.env.stage`, etc.)
+- 🖥 Built-in local UI for managing secrets
+
+---
+
+# Quickstart
+
+## Installation
+
+```bash
+pip install secure-dotenv
+````
+
+---
+
+## Migrate an existing `.env` file
+
+Run the following commands once to initialize and migrate your secrets.
+
+```bash
+# 1. initialize a vault
+secure-dotenv init
+
+# 2. migrate secrets to vault
+secure-dotenv migrate
+
+# this is a one-time activity
+```
+
+---
+
+# Python Usage
+
+Replace the standard dotenv import.
+
+```python
+#from dotenv import load_dotenv   <- replace this
+
+from secure_dotenv import load_dotenv
+
+load_dotenv()
+
+print(os.environ['OPENAI_API_KEY'])
+```
+
+Your application code remains unchanged.
+
+---
+
+# Web UI
+
+Secure dotenv includes a simple UI for managing secrets.
+
+Start the UI with:
+
+```bash
+secure-dotenv ui
+```
+
+---
+
+# How It Works
+
+1. You create a normal `.env` file with keys and secret values.
+
+```
+OPENAI_API_KEY=sk-xxxx
+DATABASE_PASSWORD=secret
+```
+
+2. When your program runs:
+
+```
+load_dotenv()
+```
+
+Secure dotenv will:
+
+* Move secret values into the vault
+* Remove the values from the `.env` file
+* Leave only the variable names behind
+* Load the secrets into memory at runtime
+
+Example result:
+
+```
+OPENAI_API_KEY=
+DATABASE_PASSWORD=
+```
+
+Your secrets now live securely in the vault.
+
+---
+
+# Basics
+
+### Project Structure
+
+Secrets are organized in a hierarchy:
+
+```
+Project (unique id)
+   ├── Profile (.env)
+   ├── Profile (.env.stage)
+   └── Profile (.env.local)
+```
+
+Each profile contains its own secrets.
+
+---
+
+### Automatic Secret Protection
+
+Every time `load_dotenv()` runs:
+
+* Secret values are **removed from `.env`**
+* Secrets are **loaded from vault into memory**
+* Your application reads them normally using `os.environ`
+
+---
+
+### Incremental Secret Migration
+
+You can keep editing your `.env` file normally.
+
+Secure dotenv automatically detects changes.
+
+* **Add a new secret** → automatically moved to vault
+* **Update a secret value** → vault is updated
+* **Existing secrets remain untouched**
+
+No manual syncing required.
+
+---
+
+# CLI Commands
+
+```bash
+Usage: secure-dotenv [OPTIONS] COMMAND [ARGS]...
+
+secure_dotenv: The AI-safe replacement for .env files.
+
+Options:
+  --help  Show this message and exit.
+
+Commands:
+  delete          Delete a secret from a profile.
+  delete-profile  Delete an entire environment profile (e.g., .env.local).
+  init            Initializes the current folder as a secure_dotenv project.
+  migrate         Syncs vault with local .env files.
+  projects        List all secured projects in the vault.
+  restore         Brings back the values from the vault into the env file.
+  secrets         List secrets for the current project.
+  set             Add or update a secret.
+  ui              Starts the local web UI for managing secrets.
+```
+
+---
+
+# Security Guarantee
+
+With **Secure dotenv**, your project can never accidentally commit secrets to a repository.
+
+Secrets are:
+
+* stored in a vault
+* removed from `.env` files
+* loaded only in memory during runtime
+
+---
+
+# Example Workflow
+
+1️⃣ Create `.env`
+
+```
+OPENAI_API_KEY=sk-xxxx
+```
+
+2️⃣  Create app.py
+
+```python
+import os
+from secure_dotenv import load_dotenv
+load_dotenv()
+
+print(os.environ['OPENAI_API_KEY'])
+
+```
+
+3️⃣ Run your program
+
+```bash
+python app.py
+```
+
+4️⃣ Secure dotenv automatically:
+
+```
+.env file becomes
+
+OPENAI_API_KEY=
+```
+
+5️⃣ Secret safely stored in vault.
+
+6️⃣ Restore to see the saved vaules
+
+```bash
+secure-dotenv restore
+```
+---
+
+# When to Use Secure dotenv
+
+* Local development
+* AI / LLM projects
+* DevOps pipelines
+* Applications using API keys
+* Teams worried about secret leaks
+
+---
+
+# Contributing
+
+Contributions are welcome.
+
+If you find bugs or have feature ideas, please open an issue or pull request.
+
+---
+
+# License
+
+MIT License
+
+---
+
+⭐ **If this project helps protect your secrets, consider giving it a star.**

secure_dotenv-0.1.0/README.md

@@ -0,0 +1,275 @@
+
+# 🔐 Secure dotenv
+
+<img src="./assets/logo.png" alt="Secure dotenv" width="800"/>
+
+**Secure dotenv** is a secure replacement for traditional `.env` files.  
+It automatically moves secrets into a secure vault while keeping your development workflow unchanged.
+
+Your application still reads environment variables the same way — but **secrets never remain in plaintext `.env` files**.
+
+---
+
+# Why Secure dotenv?
+
+Traditional `.env` files are convenient but unsafe.
+
+Common problems:
+
+- Secrets stored in plaintext
+- Secrets accidentally committed to Git
+
+**Secure dotenv fixes this automatically.**
+
+- Secrets are moved to a secure vault
+- `.env` files keep only the keys
+- Secrets are restored to memory at runtime
+- No changes required in your application logic
+
+---
+
+# Features
+
+- 🔐 Automatically moves secrets to a secure vault
+- 🧠 Drop-in replacement for `dotenv`
+- 🚫 Prevents accidental secret commits
+- 🔁 Incremental secret migration
+- 🗂 Supports multiple projects
+- 🌎 Multiple environment profiles (`.env`, `.env.stage`, etc.)
+- 🖥 Built-in local UI for managing secrets
+
+---
+
+# Quickstart
+
+## Installation
+
+```bash
+pip install secure-dotenv
+````
+
+---
+
+## Migrate an existing `.env` file
+
+Run the following commands once to initialize and migrate your secrets.
+
+```bash
+# 1. initialize a vault
+secure-dotenv init
+
+# 2. migrate secrets to vault
+secure-dotenv migrate
+
+# this is a one-time activity
+```
+
+---
+
+# Python Usage
+
+Replace the standard dotenv import.
+
+```python
+#from dotenv import load_dotenv   <- replace this
+
+from secure_dotenv import load_dotenv
+
+load_dotenv()
+
+print(os.environ['OPENAI_API_KEY'])
+```
+
+Your application code remains unchanged.
+
+---
+
+# Web UI
+
+Secure dotenv includes a simple UI for managing secrets.
+
+Start the UI with:
+
+```bash
+secure-dotenv ui
+```
+
+---
+
+# How It Works
+
+1. You create a normal `.env` file with keys and secret values.
+
+```
+OPENAI_API_KEY=sk-xxxx
+DATABASE_PASSWORD=secret
+```
+
+2. When your program runs:
+
+```
+load_dotenv()
+```
+
+Secure dotenv will:
+
+* Move secret values into the vault
+* Remove the values from the `.env` file
+* Leave only the variable names behind
+* Load the secrets into memory at runtime
+
+Example result:
+
+```
+OPENAI_API_KEY=
+DATABASE_PASSWORD=
+```
+
+Your secrets now live securely in the vault.
+
+---
+
+# Basics
+
+### Project Structure
+
+Secrets are organized in a hierarchy:
+
+```
+Project (unique id)
+   ├── Profile (.env)
+   ├── Profile (.env.stage)
+   └── Profile (.env.local)
+```
+
+Each profile contains its own secrets.
+
+---
+
+### Automatic Secret Protection
+
+Every time `load_dotenv()` runs:
+
+* Secret values are **removed from `.env`**
+* Secrets are **loaded from vault into memory**
+* Your application reads them normally using `os.environ`
+
+---
+
+### Incremental Secret Migration
+
+You can keep editing your `.env` file normally.
+
+Secure dotenv automatically detects changes.
+
+* **Add a new secret** → automatically moved to vault
+* **Update a secret value** → vault is updated
+* **Existing secrets remain untouched**
+
+No manual syncing required.
+
+---
+
+# CLI Commands
+
+```bash
+Usage: secure-dotenv [OPTIONS] COMMAND [ARGS]...
+
+secure_dotenv: The AI-safe replacement for .env files.
+
+Options:
+  --help  Show this message and exit.
+
+Commands:
+  delete          Delete a secret from a profile.
+  delete-profile  Delete an entire environment profile (e.g., .env.local).
+  init            Initializes the current folder as a secure_dotenv project.
+  migrate         Syncs vault with local .env files.
+  projects        List all secured projects in the vault.
+  restore         Brings back the values from the vault into the env file.
+  secrets         List secrets for the current project.
+  set             Add or update a secret.
+  ui              Starts the local web UI for managing secrets.
+```
+
+---
+
+# Security Guarantee
+
+With **Secure dotenv**, your project can never accidentally commit secrets to a repository.
+
+Secrets are:
+
+* stored in a vault
+* removed from `.env` files
+* loaded only in memory during runtime
+
+---
+
+# Example Workflow
+
+1️⃣ Create `.env`
+
+```
+OPENAI_API_KEY=sk-xxxx
+```
+
+2️⃣  Create app.py
+
+```python
+import os
+from secure_dotenv import load_dotenv
+load_dotenv()
+
+print(os.environ['OPENAI_API_KEY'])
+
+```
+
+3️⃣ Run your program
+
+```bash
+python app.py
+```
+
+4️⃣ Secure dotenv automatically:
+
+```
+.env file becomes
+
+OPENAI_API_KEY=
+```
+
+5️⃣ Secret safely stored in vault.
+
+6️⃣ Restore to see the saved vaules
+
+```bash
+secure-dotenv restore
+```
+---
+
+# When to Use Secure dotenv
+
+* Local development
+* AI / LLM projects
+* DevOps pipelines
+* Applications using API keys
+* Teams worried about secret leaks
+
+---
+
+# Contributing
+
+Contributions are welcome.
+
+If you find bugs or have feature ideas, please open an issue or pull request.
+
+---
+
+# License
+
+MIT License
+
+---
+
+⭐ **If this project helps protect your secrets, consider giving it a star.**

secure_dotenv-0.1.0/pyproject.toml

@@ -0,0 +1,32 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "secure-dotenv"
+version = "0.1.0"
+authors = [{name = "Nishanth K R", email = "itsmenishanthkr@gmail.com"}]
+description = "The AI-safe, replacement for Python .env files."
+readme = "README.md"
+requires-python = ">=3.7"
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Operating System :: OS Independent",
+]
+license="MIT"
+license-files = ["LICENSE"]
+dependencies = [
+    "cryptography>=41.0.0",
+    "keyring>=24.0.0",
+    "watchdog>=3.0.0",
+    "fastapi>=0.100.0",
+    "uvicorn>=0.23.0",
+    "click>=8.1.0"
+]
+
+[project.scripts]
+secure-dotenv = "secure_dotenv.cli:cli"
+
+[tool.setuptools.packages.find]
+include = ["secure_dotenv*"]  # Only include your code
+exclude = ["assets*", "tests*"] # Explicitly ignore the assets folder

secure_dotenv-0.1.0/secure_dotenv/__init__.py

@@ -0,0 +1,25 @@
+import os
+import warnings
+from pathlib import Path
+from .core import get_project_secrets, parse_env_file
+
+def load_dotenv(dotenv_path=".env", override=False, **kwargs):
+    project_root = Path.cwd()
+    env_path = project_root / dotenv_path
+    id_file = project_root / ".secure-env-id"
+    
+    if not id_file.exists():
+        return # Standard behavior if not initialized
+        
+    project_id = id_file.read_text().strip()
+    
+    # 1. Perform Migration/Sync automatically
+    if env_path.exists():
+        from .core import migrate_and_clear_env
+        migrate_and_clear_env(str(env_path), project_id)
+        
+    # 2. Load into memory from Vault
+    secrets = get_project_secrets(project_id, Path(dotenv_path).name)
+    for key, value in secrets.items():
+        if override or key not in os.environ:
+            os.environ[key] = value