macOS
brew install envchainlocal Homebrew formula metadata
brew
Secure your credentials in environment variables. Version 1.1.0 via Homebrew; verified from local package data.
install
brew install envchainlocal Homebrew formula metadata
nix profile install nixpkgs#envchainnixpkgs package indexes · pkgs/by-name/en/envchain/package.nix · source: api.github.com
overview
Secure your credentials in environment variables
history
envchain is a security-focused CLI for storing secret environment variables in the macOS Keychain or a D-Bus Secret Service provider, then exposing them only for explicitly launched commands.
The README positions envchain as a response to the common practice of putting credentials such as AWS access keys in shell initialization files. Instead of writing those secrets to `.bashrc` or `.zshrc`, envchain stores them in a secure vault under namespaced entries.
The project supports macOS Keychain and Linux Secret Service backends such as GNOME Keyring and KeePassXC. Its documented platform requirements include macOS versions from the OS X era and Linux systems with readline, libsecret, and D-Bus Secret Service support.
envchain is a niche but established package-manager tool. Its README documents Homebrew installation, and Homebrew formula analytics showed hundreds of annual installs during this enrichment run. The input package facts also list Nix packaging.
Users create a namespace with `envchain --set NAMESPACE ENV ...`, enter secret values interactively, and then run commands as `envchain namespace command`. The tool injects only the variables from the requested namespace into that child process.
Multiple namespaces can be combined, which supports workflows such as separating AWS credentials from chatbot or service credentials while still composing them for a particular command.
envchain is part of a family of small Unix secret-handling wrappers that try to make environment variables less dangerous without changing the tools that consume them. Its package value is in bridging native desktop secret stores with ordinary CLI workflows.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
envchain | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/sorah/envchain
install metadata
| Package key | brew:envchain |
|---|---|
| Version | 1.1.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/envchain |
| Homepage | https://github.com/sorah/envchain |
| Repository | https://github.com/sorah/envchain |
| Upstream docs | https://github.com/sorah/envchain#readme |
| License | MIT |
| Source archive | https://github.com/sorah/envchain/archive/refs/tags/v1.1.0.tar.gz |
| Bottle | available (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | envchain |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
envchain
nix profile install nixpkgs#envchainsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.