EnvShield is a security-first CLI that brings professional governance to your local development lifecycle. Define your environment as a schema, eliminate drift, and prevent secret leaks before they happen.
pip install envshield
Secret leaks and configuration bugs happen because `.env` files are an afterthought. EnvShield makes them a core, governed part of your project with a single source of truth: the `env.schema.toml` file.
Explicitly define every environment variable your project needs in a simple, version-controlled schema. No more guessing what `API_KEY` is for.
Say goodbye to outdated `.env.example` files. `envshield schema sync` generates a perfect, commented example file directly from your schema, every time.
`envshield check` and `envshield scan` ensure that every local setup and every line of code adheres to the contract, eliminating drift and "shadow" variables.
Guides, tutorials, and deep dives into modern development workflows.
Workflow & Productivity
If your project's
.env.example file had a
relationship status, it would be βItβs
Complicated.β Time for an upgrade...
Security & Secret Management
Compare two of 2025βs top secret-scanning tools and find out which fits your workflow best.
EnvShield transforms your most painful workflows into a secure, automated process.
Run `envshield init` in a new or existing project. EnvShield intelligently detects your framework (Next.js, Django, Flask) and scaffolds a complete, best-practice foundation: a schema, a `.gitignore` update, and an automated security hook, all in one command.
envshield init
All the commands you need to enforce a secure and consistent local workflow.
Scaffolds a new project with a schema, config, and security hook in one command.
Intelligently converts a messy, existing `.env` file into a clean `env.schema.toml` in seconds.
Scans for hardcoded secrets and undeclared variables used in your code, preventing leaks.
Auto-generates a perfect `.env.example` from your schema, keeping documentation in sync.
An interactive wizard to help new developers create their local `.env` file in minutes.
Validates your local `.env` file against the schema, catching typos and missing variables.
Runs a full health check on your setup and provides interactive fixes with the `--fix` flag.
A scanner is a smoke detector. A cloud vault is a bank. EnvShield is the fireproof, self-organizing house you should have been living in all along.
| Developer Pain Point | π‘οΈ EnvShield | TruffleHog / Gitleaks | Doppler / Infisical |
|---|---|---|---|
| Preventing Secret Commits | β Built-in Hook | β Core Feature | β Indirectly |
| Migrating Existing Projects | β `import` command | β Not Addressed | β Not Addressed |
| New Developer Setup | β `setup` command | β Not Addressed | β Via Cloud |
| Handling Config Drift | β Solved via Schema | β Not Addressed | β Solved via Cloud |
| Primary Focus | Complete Local Workflow | Secret Detection Engine | Cloud-Based Secret Vault |
Phase 1 is the free, powerful "Local Guardian." Upcoming paid tiers will turn EnvShield into a complete collaboration and automation platform for teams and enterprises.