30 open-source projects similar to dotenvx/dotenvx, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Dotenvx alternative.
yadm is a dotfile manager that uses Git as its underlying version control engine to track, synchronize, and manage configuration files across multiple machines. It keeps dotfiles in their original home directory locations while providing a system for deploying different file versions based on operating system, hostname, or hardware architecture through an alternate file naming convention. The tool distinguishes itself through several integrated capabilities that go beyond basic version control. It includes a template-based configuration generation system that renders files by merging template
This project is a Unix backup orchestrator used for modeling and executing full-stack data protection. It functions as a management system for database dumps, encrypted archiving, version rotation, and remote storage transport. The system distinguishes itself by orchestrating native system tools for various databases, including PostgreSQL, MySQL, MongoDB, Redis, and Riak. It employs a secure archive workflow that combines compression and encryption using GPG, OpenSSL, or AES before transporting packages to S3-compatible services, Dropbox, or remote servers via SFTP and RSync. Broad capabilit
godotenv is a Go library designed to load, parse, and serialize environment configuration files. It provides tools to extract configuration data from files into maps and inject those key-value pairs directly into the system environment of a Go application process. The project includes a configuration file serializer for exporting environment variable maps back into formatted files and a parser for extracting data without modifying the system environment. It supports injecting variables from strings or files into the process environment using priority-based overloading and overwriting. The li
python-dotenv is a library and command line interface for managing environment variables in Python applications. It functions as a configuration parser and loader that reads key-value pairs from files and injects them into the system environment, enabling the decoupling of application configuration from source code. The project provides a command line interface for manipulating and editing environment variables within configuration files. It also includes a mechanism for recursive variable interpolation, allowing dynamic placeholders within configuration files to be resolved using existing en
Dotenv is a Ruby library used for loading key-value pairs from files into an application environment. It includes a configuration parser to extract variables into hashes and a loader to inject those pairs into the global environment. The project features a variable interpolator that resolves environment variables and shell command outputs within configuration values. It also provides a validator to verify that required configuration keys are present during application initialization. The toolset covers environment variable management, including the ability to generate configuration templates
env is a Go library that reads environment variables and populates the fields of a Go struct according to tag directives. It uses reflection to iterate over struct types and tags at runtime, mapping environment variable names to struct fields and applying parsing behavior defined in struct tags. The library supports required field validation, returning errors when marked fields are missing or empty after parsing. It also provides default value fallback from struct tags when environment variables are not set, environment variable expansion that recursively substitutes references within values,
git-secret is a command line tool and Bash encryption utility used to manage sensitive configuration files and passwords within Git repositories. It enables version controlled secret storage by encrypting files with GPG public keys, ensuring that sensitive data can be committed to a repository without exposing plaintext. The tool utilizes a PGP encryption workflow to control access through a managed keyring of authorized public keys. This allows for the granting and revocation of decryption permissions for specific users. To prevent accidental data leaks, it automatically integrates with Git
Blackbox is a GPG secret management tool and asymmetric encryption wrapper used to securely store and share sensitive files within version control systems like Git, Mercurial, or Subversion. It functions as a version control secret store that encrypts files for safe storage at rest while allowing authorized users and machines to decrypt them. The system distinguishes itself by integrating directly with version control to provide plaintext diff and log visualization of encrypted files. It supports multi-recipient encryption and automated secret decryption via passphrase-less GPG subkeys, enabl
phpdotenv is a PHP environment variable loader and configuration parser. It reads key-value pairs from files and populates them into PHP system environment variables and global arrays to avoid hardcoding sensitive settings in code. The project includes a configuration variable interpolator to resolve nested references and variables within environment files. It also provides an environment variable validator to ensure required variables exist and match specific data types or values. The system covers application secret management, multi-environment deployment, and the parsing of raw configura
Teldrive is a web-based cloud storage interface that uses Telegram as a backend for storing and organizing files. It functions as an encrypted cloud drive and a remote storage bridge, allowing users to manage files through a dedicated file manager. The system optimizes data throughput by using a proxy to aggregate multiple authentication tokens, which bypasses single-account rate limits to increase upload and download speeds. It ensures data privacy through per-file salt encryption for both file data and metadata. The project covers remote file management, including the ability to mount stor
x-cmd is an AI agent orchestrator, cloud infrastructure CLI, and cross-platform package manager that provides an enhanced POSIX shell toolkit. It integrates large language models directly into the terminal for chatting, code generation, and the execution of agentic workflows, while offering a framework for building interactive terminal user interface components. The project distinguishes itself by deploying containerized AI agents within isolated sandboxes, provisioning them with specialized skills and headless browser automation capabilities. It further streamlines development through a unif
sops-nix is a declarative secret provisioner and management module for NixOS and Home Manager. It enables the storage of encrypted secrets directly in version control and decrypts them into a non-persistent ramfs during system activation to provide plaintext files to services without storing them on disk. The project distinguishes itself through a tight integration with the NixOS activation hook and systemd, allowing it to delay service startup until decryption completes and automatically restart units when secret values are updated. It also provides utilities to transform existing SSH host k
This project is a command-line utility that executes processes by injecting environment variables from local configuration files. It functions as a runtime wrapper, allowing developers to manage application settings and process execution contexts without modifying global system variables. The tool distinguishes itself by supporting dynamic configuration loading, which allows for the use of files that export objects or promises to compute values at runtime. It provides granular control over environment management, including the ability to group variables into named collections, protect existin
VeraCrypt is a cross-platform disk encryption utility used to create encrypted file containers and secure entire disk partitions. It functions as a tool for full disk encryption and a manager for encrypted volumes, providing a means to protect sensitive data on local disks and removable media across multiple operating systems. The software is distinguished by its support for plausible deniability, allowing the creation of hidden volumes nested within other encrypted volumes to conceal the existence of data. It also implements hardware-based access control, requiring physical security tokens,
Travis CI is a continuous integration platform and CI/CD pipeline orchestrator that automates the testing and building of code changes from version control systems. It functions as a multi-language test runner and build infrastructure manager, ensuring software quality through automated testing across various programming languages and runtimes. The platform is distinguished by its use of virtual-machine-based isolation for reproducible environments and a configuration-driven approach to pipeline generation. It supports complex testing strategies through parallel matrix execution, allowing job
Staticrypt is a tool for securing static HTML files using AES-256 encryption. It provides a command-line interface to encrypt and decrypt web pages, transforming plain HTML into encrypted payloads that are decrypted directly in the browser without the need for a backend server or database. The project distinguishes itself through access management features such as auto-decrypting links, which use hashed passwords in URL fragments to unlock files for specific recipients. It also supports browser session persistence, storing hashed passwords in local storage to prevent repeated authentication.
git-crypt is a transparent cryptography layer and secret manager for Git repositories. It encrypts specific files so they remain as ciphertext on remote servers while appearing as plaintext in local directories. The tool uses Git attributes to define the scope of files and directories targeted for encryption. It supports both symmetric secret key encryption for shared access and asymmetric public key encryption to control decryption permissions among multiple collaborators. The system automates the encryption and decryption process through hook-based filters that trigger during commit and ch
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
Legendary is a game management tool designed for downloading, installing, and updating game files from remote servers without the use of official store clients. It provides a means to list available account titles, track installed games, and import existing local installations by verifying files. The project enables the management of Steam game libraries on systems where the official client is unsupported and supports the activation of titles from third-party accounts through external authorization systems. It also provides tools for configuring Linux gaming environments, specifically through
Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a mechanism to encrypt sensitive data into specialized resources that can be safely stored in public version control systems and decrypted only within a cluster. The system uses an asymmetric encryption manager to seal secrets with a public key, ensuring that only the corresponding private key held within the cluster can unseal them. It includes utilities for security key rotation, secret re-encryption, and offline private key recovery to maintain data access during disaster recovery
gopass is a terminal-based password manager and GPG secret store used for generating, storing, and retrieving encrypted credentials. It functions as a collaborative secret manager that encrypts data using GPG or age and synchronizes it across devices and teams using Git. The system distinguishes itself by treating version control repositories as the primary storage backend, enabling secure secret sharing and version history for credentials. It utilizes a hierarchical directory structure to organize secrets on the filesystem and supports multi-store mounting to combine multiple independent rep
This project serves as a documentation hub and specification repository for official Docker images. It functions as a metadata-driven documentation generator that transforms structured content files into markdown files and readmes for public distribution. The repository provides technical guides and configuration standards for deploying containerized software across multiple CPU architectures. It includes detailed manuals for configuring environment variables, volume mounts, and network settings to ensure consistent image deployments. The documentation covers a broad range of containerized e
react-native-config is a cross-platform mobile environment manager and native build configuration tool. It implements twelve-factor app configuration principles by separating environment-specific settings from application code. The project provides a mechanism to inject environment variables directly into native project files and build settings during the compilation process. It further functions as a type-safe configuration loader that generates TypeScript definitions for environment variables to ensure autocompletion and safety. The tool manages multi-environment configurations by loading
Devpush is a self-hosted Git-based PaaS that automates the deployment of containerized applications. It maps each Git branch to an isolated Docker environment, creating a multi-environment runtime where staging, production, and other workflows run in parallel with scoped configuration and encrypted variables. Deployments are triggered automatically by Git push events via a configured GitHub App, managing the full lifecycle from build to release with zero-downtime rollouts and instant rollback. The platform includes a built-in Let's Encrypt SSL manager that automatically provisions and renews
aws-vault is a secure credential manager and command-line wrapper for AWS. It stores long-term identity keys using the native operating system secure keystore to prevent plaintext secrets from residing on disk. The tool orchestrates the exchange of long-term credentials for short-lived temporary sessions by assuming IAM roles, with support for multi-factor authentication and integration with AWS Identity Center for single sign-on access. It prevents credential exposure by injecting these temporary tokens directly into subprocesses or by simulating local metadata endpoints for software develop
Sidekick is a command-line tool that provisions bare VPS servers, transfers Docker images, manages secrets, and orchestrates zero-downtime deployments across single or multiple server instances. It handles the full deployment pipeline from a local machine, building container images locally and transferring them directly to the server without requiring a remote container registry. The tool distinguishes itself through an integrated approach to security and automation. It encrypts environment variables locally using SOPS and Age keys, then decrypts them on the server at deploy time for runtime
gocryptfs is a FUSE-based encrypted filesystem that transparently encrypts and decrypts file contents and filenames on disk. It uses block-level authenticated encryption with AES-GCM or AES-SIV-512, binding each block to its file header and offset for integrity, while obfuscating filenames with EME or AES-SIV wide-block ciphers using per-directory initialization vectors. The system derives all encryption keys and initialization vectors deterministically from a master key using HKDF and SHA256, enabling reproducible ciphertext for reliable backup and synchronization workflows. The project dist
MicroPython is a lean implementation of Python 3 optimized to run on microcontrollers and other resource-constrained systems. It serves as a cross-platform embedded runtime and hardware abstraction layer, providing a firmware framework that maps high-level software commands to specific microcontroller registers across diverse processor architectures. The project functions as an embedded language interpreter that enables rapid prototyping on hardware through an interactive read-eval-print loop. It supports a wide range of target environments, including ARM, ESP32, STM32, RISC-V, and WebAssembl
Microsandbox is a microVM sandbox runtime and hardware-isolated code executor designed for running untrusted code. It functions as an embedded virtual machine manager that allows applications to spawn and control lightweight virtual machines directly within code without the need for a background daemon. The system provides a secure execution environment for AI agents by exposing server controls that allow them to execute tools and manage files. It utilizes standard container image formats and volume workflows to initialize guest virtual machines and implements a secret management mechanism th