Skip to main content
Version: Next

Presentation

secenv is an utility tool to list, read and fill secrets from multiple stores. It also defines contexts, and generates the associated environment values.

For now, secenv can read secrets from:

  • AKeyLess, using the akeyless library
  • Azure Key Vault, using the azure-keyvault-secrets library
  • AWS SecretsManager, using the boto3 library
  • Bitwarden, using the rbw unofficial CLI (it is planned to migrate to plain Python)
  • Environment, using the os built-in library
  • GCP Secret Manager, using the google-cloud-secret-manager library
  • GNU Pass, using the passpy library
  • Hashicorp Vault, using the hvac library
  • Scaleway Secret Manager, using plain HTTP requests

Once the secrets get read, one can define a context, basically a list of secrets, and switch to this context. One can define as well a list of secrets to provide, and secenv will ask, for each secret and if it doesn't exist yet, for a value to fill it.