# Install envchain with Homebrew, Nix

Secure your credentials in environment variables. Version 1.1.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:envchain
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install envchain
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#envchain
```

  Evidence: nixpkgs package indexes: pkgs/by-name/en/envchain/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:envchain
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/envchain>
- **Version:** 1.1.0
- **Source summary:** Secure your credentials in environment variables
- **Homepage:** <https://github.com/sorah/envchain>
- **Repository:** <https://github.com/sorah/envchain>
- **Upstream docs:** <https://github.com/sorah/envchain#readme>
- **License:** MIT
- **Source archive:** <https://github.com/sorah/envchain/archive/refs/tags/v1.1.0.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- envchain (cli)
- envchain (alias)

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.1.0
- Local data: ok
- Upstream repository: https://github.com/sorah/envchain
- Upstream latest detected: v1.1.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

envchain is a security-focused CLI for storing secret environment variables in the macOS Keychain or a D-Bus Secret Service provider, then exposing them only for explicitly launched commands.

### Project history

The README positions envchain as a response to the common practice of putting credentials such as AWS access keys in shell initialization files. Instead of writing those secrets to `.bashrc` or `.zshrc`, envchain stores them in a secure vault under namespaced entries.

The project supports macOS Keychain and Linux Secret Service backends such as GNOME Keyring and KeePassXC. Its documented platform requirements include macOS versions from the OS X era and Linux systems with readline, libsecret, and D-Bus Secret Service support.

### Adoption history

envchain is a niche but established package-manager tool. Its README documents Homebrew installation, and Homebrew formula analytics showed hundreds of annual installs during this enrichment run. The input package facts also list Nix packaging.

### How it is used

Users create a namespace with `envchain --set NAMESPACE ENV ...`, enter secret values interactively, and then run commands as `envchain namespace command`. The tool injects only the variables from the requested namespace into that child process.

Multiple namespaces can be combined, which supports workflows such as separating AWS credentials from chatbot or service credentials while still composing them for a particular command.

### Why package nerds care

envchain is part of a family of small Unix secret-handling wrappers that try to make environment variables less dangerous without changing the tools that consume them. Its package value is in bridging native desktop secret stores with ordinary CLI workflows.

### Timeline

- 2010s: envchain documents OS X Keychain support and later Linux Secret Service support.
- 2010s: Homebrew installation is documented in the upstream README.
- 2020s: The tool remains packaged as a small credential wrapper for macOS and Linux.

### Related projects

- envchain relates to macOS Keychain, GNOME Keyring, KeePassXC, libsecret, and the D-Bus Secret Service specification.
- It overlaps with dotenv-style workflows, but stores values in platform secret stores rather than in project files.

### Sources

- <https://github.com/sorah/envchain/blob/master/README.md>
- <https://formulae.brew.sh/formula/envchain>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** envchain
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - envchain: normalized package name match | nixpkgs package indexes: pkgs/by-name/en/envchain/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [credstash](https://www.automicvault.com/pkg/brew/credstash/) - Shares av.db curated category or tags: cli, credentials, secrets-management, security.
- [doppler](https://www.automicvault.com/pkg/brew/doppler/) - Shares av.db curated category or tags: cli, environment-variables, secrets-management, security.
- [infisical](https://www.automicvault.com/pkg/brew/infisical/) - Shares av.db curated category or tags: cli, environment-variables, secrets-management, security.
- [teller](https://www.automicvault.com/pkg/brew/teller/) - Shares av.db curated category or tags: cli, environment-variables, secrets-management, security.
- [varlock](https://www.automicvault.com/pkg/brew/varlock/) - Shares av.db curated category or tags: cli, environment-variables, secrets-management, security.
- [vaulted](https://www.automicvault.com/pkg/brew/vaulted/) - Shares av.db curated category or tags: cli, environment-variables, secrets-management, security.
- [chamber](https://www.automicvault.com/pkg/brew/chamber/) - Shares av.db curated category or tags: cli, secrets-management, security.
- [fnox](https://www.automicvault.com/pkg/brew/fnox/) - Shares av.db curated category or tags: cli, secrets-management, security.

## Combined YAML source

View the package source record on GitHub. [combined/envchain.yml](https://github.com/automic-vault/db/blob/main/combined/envchain.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
