1
0
Fork 0
mirror of https://github.com/Luzifer/envrun.git synced 2024-11-09 14:50:02 +00:00
envrun/README.md
Knut Ahlers 0e50bf03d6
Update dependencies, fix linter errors
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-09-30 12:35:27 +02:00

3 KiB

Go Report Card

Luzifer / envrun

envrun is a small helper utility to inject environment variables stored in a file into processes.

It reads a .env file (configurable) from the current directory and then either takes its own environment variables or a clean set and adds the env variables found in .env to it. The resulting set is passed to the command you put as arguments to envrun.

Examples

To visualize the effect of the utility the test command is python test.py with this simple python script:

import os

for k in os.environ.keys():
  print "{} = {}".format(k, os.environ[k])

It just prints the current environment to STDOUT and exits.

$ cat .env
MY_TEST_VAR=hello world
ANOTHER_VAR=foo

$ python test.py | grep MY_TEST_VAR
## No output on this command

$ envrun --help
Usage of envrun:
      --clean                  Do not pass current environment to child process
      --encryption string      Encryption method used for encrypted env-file (Available: gpg-symmetric, openssl-md5, openssl-sha256) (default "openssl-md5")
      --env-file string        Location of the environment file (default ".env")
      --log-level string       Log level (debug, info, warn, error, fatal) (default "info")
  -p, --password string        Password to decrypt environment file
      --password-file string   Read encryption key from file
      --version                Prints current version and exits

$ envrun python test.py | grep MY_TEST_VAR
MY_TEST_VAR = hello world

$ envrun python test.py | wc -l
      45

$ envrun --clean python test.py | wc -l
       3

$ envrun --clean python test.py
__CF_USER_TEXT_ENCODING = 0x1F5:0x0:0x0
ANOTHER_VAR = foo
MY_TEST_VAR = hello world

Encrypted .env-file

In case you don't want to put the environment variables into a plain text file onto your disk you can use an encrypted file and provide a password to envrun:

GnuPG symmetric encryption

In this example an armored (-a) encryption is used. This is not required and you can leave out the -a flag.

$ echo "MYVAR=myvalue" | gpg --passphrase justatest --batch --quiet --yes -c -a -o .env

$ cat .env
-----BEGIN PGP MESSAGE-----

jA0ECQMCIsGVKNlJw1Py0kMB542XJvekKyuPi2LHQrnFlhD5ALm6orvE3WFAzp7D
kAisTMr10fmjLuENfQhxqd9MB0Kd2mfd3b1mgOzei5IMDLJc
=7k9M
-----END PGP MESSAGE-----

$ envrun -p justatest --encryption gpg-symmetric --clean -- env
MYVAR=myvalue
INFO[0000] Process exitted with code 0

OpenSSL AES256 encryption

$ echo 'MYVAR=myvalue' | openssl enc -e -aes-256-cbc -pass pass:justatest -base64 -out .env

$ cat .env
U2FsdGVkX18xcVIMejjwWzh1DppzptJCHhORH/JDj10=

$ envrun -p justatest --clean -- env
MYVAR=myvalue
INFO[0000] Process exitted with code 0