UNPKG

envilder

Version:

A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth

117 lines (83 loc) 4.77 kB
## [0.5.0] - 2026-06-26 ### Added * **New `ExpiredCredentialsError`**: Exported from `envilder` and raised by the AWS SSM provider on expired or invalid credentials (e.g. an expired session token), with an actionable message guiding you to refresh credentials (e.g. run `aws sso login`) * **New `SsoSessionExpiredError`**: Exported from `envilder` and raised by the AWS SSM provider when an AWS SSO session can no longer be resolved, with an actionable message that names the AWS profile and the `aws sso login --profile <name>` command to run. A plain expired session token still raises `ExpiredCredentialsError` ([#378](https://github.com/macalbert/envilder/issues/378)) --- ## [0.4.0] - 2026-05-03 ### Added * **Map-file JSON Schema support**: Map files can now include `"$schema": "https://envilder.com/schema/map-file.v1.json"` for IDE autocomplete and validation without affecting secret resolution ### Fixed * **Reserved key filtering**: All `$`-prefixed keys are now excluded from variable mappings. Previously only `$config` was filtered ([#218](https://github.com/macalbert/envilder/pull/218)) --- ## [0.3.2] - 2026-04-18 ### Changed * **Encapsulate `SecretProviderFactory`**: Renamed to `_SecretProviderFactory` and removed from public re-exports; consumers should use the `Envilder` facade instead of creating providers manually ([#167](https://github.com/macalbert/envilder/pull/167)) * **Cross-provider validation**: `_SecretProviderFactory.create()` now rejects invalid combinations: AWS profile with Azure provider, or vault URL with AWS provider ([#167](https://github.com/macalbert/envilder/pull/167)) ### Fixed * **Delegate default AWS region resolution to boto3**: When no profile is set, the factory no longer manually resolves the region from environment variables. Instead it creates a plain `boto3.Session()` which uses the full AWS SDK resolution chain (env vars → `~/.aws/config` → instance metadata), correctly picking up the default config file settings ([#166](https://github.com/macalbert/envilder/pull/166)) --- ## [0.3.1] - 2026-04-17 ### Fixed * **Remove `mypy-boto3-ssm` runtime dependency**: `AwsSsmSecretProvider` imported `mypy_boto3_ssm.SSMClient` at runtime, but the package is a dev-only type stub. Consumers installing `envilder` from PyPI got `ModuleNotFoundError`. Replaced with `botocore.client.BaseClient` which is already bundled with `boto3` ([#165](https://github.com/macalbert/envilder/pull/165)) --- ## [0.3.0] - 2026-04-17 ### Added * **Environment-based loading**: `Envilder.load(env, env_mapping)` and `Envilder.resolve_file(env, env_mapping)` accept a dictionary mapping environment names to map file paths (or `None` to skip). Enables environment-aware secret loading without external branching logic ([#163](https://github.com/macalbert/envilder/pull/163)) * **Source validation**: Empty or whitespace-only file paths in `env_mapping` now raise `ValueError` with a descriptive message including the environment key --- ## [0.2.0] - 2026-04-16 ### Added * **Fluent API facade**: `Envilder` high-level entry point with `load()`, `resolve_file()`, and `from_map_file()` methods, plus fluent override methods (`with_provider()`, `with_vault_url()`, `with_profile()`) ([#161](https://github.com/macalbert/envilder/pull/161)) * **Facade docstrings**: All public methods on the `Envilder` facade now have docstrings with usage examples, improving IDE tooltips and `help()` output for external consumers --- ## [0.1.0] - 2026-04-14 ### Added * **Initial release**: Runtime library for loading secrets from AWS SSM Parameter Store or Azure Key Vault directly into Python applications ([#157](https://github.com/macalbert/envilder/pull/157)) * `Envilder` facade: High-level entry point with `load()`, `resolve_file()`, and `from_map_file()` methods * `EnvilderClient`: Resolves secrets from a map-file and injects them into `os.environ` * `MapFileParser`: Parses `envilder.json` files with `$config` section and variable mappings * `SecretProviderFactory`: Creates the appropriate secret provider based on configuration * `AwsSsmSecretProvider`: Fetches secrets from AWS SSM Parameter Store via boto3 * `AzureKeyVaultSecretProvider`: Fetches secrets from Azure Key Vault * `EnvilderOptions`: Runtime overrides for provider, vault URL, and AWS profile * Synchronous API: no async/await, uses boto3 natively * Protocol-based ports: Python `Protocol` instead of ABC * Python 3.10+ with full type annotations (`py.typed`) * Published to PyPI as `envilder` ### Testing * Unit tests with pytest using `Should_<Expected>_When_<Condition>` naming * Acceptance tests with TestContainers (LocalStack for AWS, Lowkey Vault for Azure)