Home
env-loader-pro¶
Enterprise-Grade Configuration Management¶
Typed, validated, and secure environment variable loader for Python with automatic type casting, validation, secret masking, cloud secrets integration, and full observability.
What Problem Does This Solve?¶
Traditional .env loaders are basic and unsafe. env-loader-pro provides enterprise-grade features for production environments:
- Type Safety - Automatic casting to int, bool, list, etc.
- Cloud Secrets - Azure Key Vault, AWS Secrets Manager integration
- Audit Trail - Complete provenance tracking for compliance
- Policy Enforcement - Policy-as-code for configuration governance
- CI/CD Safe - All commands work without cloud credentials
- Secret Security - Automatic masking, never logs secrets
Quick Start¶
Key Features¶
-
Security First
Automatic secret masking, audit trail, policy enforcement, and encrypted file support. Never logs secrets in plaintext.
-
Cloud Secrets
Seamless integration with Azure Key Vault, AWS Secrets Manager, and AWS SSM Parameter Store. Secrets override local config.
-
Audit Trail
Complete provenance tracking for compliance. Know exactly where each configuration value came from, without storing secrets.
-
Policy-as-Code
Enforce configuration policies via JSON/YAML files. Require variables, forbid debug flags, enforce source requirements.
-
CI/CD Safe
All CLI commands work without cloud credentials. Perfect for CI pipelines with deterministic behavior and proper exit codes.
-
Performance
Caching, circuit breakers, and performance monitoring with SLAs. Cold start < 500ms, warm load < 50ms, cached < 5ms.
Configuration Precedence¶
env-loader-pro uses a deterministic precedence order for resolving configuration values:
graph TD
A[Schema Defaults] --> B[Base .env]
B --> C[.env.prod]
C --> D[Docker/K8s Secrets]
D --> E[System Environment]
E --> F[Cloud Providers]
F --> G[Final Config]
style A fill:#e1f5ff
style B fill:#e1f5ff
style C fill:#e1f5ff
style D fill:#fff4e1
style E fill:#fff4e1
style F fill:#ffe1e1
style G fill:#e1ffe1Priority Order (highest to lowest):
- Cloud providers (Azure Key Vault, AWS Secrets Manager)
- System environment variables
- Docker/K8s mounted secrets
.env.{env}(environment-specific file)- Base
.envfile - Schema defaults
Security Guarantees¶
Production Ready
env-loader-pro is designed with security as a first-class concern:
- ✅ No secrets in logs - Automatic masking in all outputs
- ✅ Audit trail - Complete provenance tracking without values
- ✅ Policy enforcement - Require/forbid variables via policy files
- ✅ Secret change detection - Prevent accidental exposure
- ✅ CI/CD safe - No cloud access required for validation
CLI Tool¶
The envloader command-line tool provides powerful operations:
# Validate configuration (CI-safe)
envloader validate --ci --required API_KEY PORT
# Show audit trail
envloader audit --json
# Explain precedence
envloader explain
# Configuration diff
envloader diff --ci --deny-secret-changes
Installation¶
Documentation¶
-
Installation, quick start, and basic usage examples.
-
Configuration precedence, type casting, validation, and schema support.
-
Cloud secrets integration with Azure, AWS, Docker, and Kubernetes.
-
Audit trail, failure policies, policy-as-code, and performance monitoring.
-
Security model, secret masking, encrypted files, and CI/CD safety.
-
Technical design, principles, and provider system.
Why env-loader-pro?¶
vs python-dotenv
| Feature | python-dotenv | env-loader-pro |
|---|---|---|
| Load .env | ✅ | ✅ |
| Type casting | ❌ | ✅ |
| Validation | ❌ | ✅ |
| Cloud secrets | ❌ | ✅ |
| Audit trail | ❌ | ✅ |
| Policy enforcement | ❌ | ✅ |
| CI/CD safe | ❌ | ✅ |
Get Started¶
Ready to use env-loader-pro in your project?
Installation Guide Quick Start
Links¶
- GitHub: shanen28/env-loader-pro
- PyPI: env-loader-pro
- Issues: GitHub Issues
License¶
Apache License 2.0 - See LICENSE file for details.