Env Config Manager
v1.0.0Manage environment configs with loading, switching, encryption, key rotation, validation, and team-safe secret sharing for .env, YAML, and JSON files.
⭐ 0· 21·0 current·0 all-time
byLv Lancer@kaiyuelv
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's description and SKILL.md claim features (SecretVault, AES-256-GCM encryption, key rotation, YAML/JSON management, team-safe sharing) that are not implemented in scripts/env_manager.py. The code exposes functions for load/save/switch/get/set/validate/diff for dotenv files only. This mismatch indicates the skill does not actually provide several of the capabilities it advertises.
Instruction Scope
SKILL.md and README reference environment variables (ENV_MANAGER_KEY, ENV_MANAGER_ENV) and high-level classes (EnvManager, SecretVault, ConfigValidator) that the runtime code does not define. SKILL.md also suggests running tests in a hard-coded workspace path (/root/.openclaw/...), which is a minor oddity but likely just an example. The instructions do not direct network calls or reading unrelated system paths, but they do mention secrets-related environment variables that are not declared in registry metadata.
Install Mechanism
No install spec is provided (instruction-only), and the package includes requirements.txt suggesting installation via pip. The requirements include cryptography and PyYAML even though the implementation doesn't use cryptography for encryption and only imports yaml without leveraging YAML features. This is disproportionate but not an active install-time red flag (no external downloads or extract steps).
Credentials
Registry metadata lists no required environment variables but SKILL.md documents ENV_MANAGER_KEY and ENV_MANAGER_ENV as configuration. ENV_MANAGER_KEY would be a sensitive secret if used; the fact it is documented but not declared and not actually used in the code is inconsistent. Requesting a master encryption key would be reasonable for an encryption feature, but here it's unimplemented — avoid providing such secrets to this skill until functionality is confirmed.
Persistence & Privilege
The skill does not request elevated persistence (always is false) and uses normal agent invocation defaults. It does not modify other skills or system-wide settings in the included code. No additional privilege concerns detected.
What to consider before installing
The package documentation promises secret encryption, key rotation and YAML/JSON handling, but the actual code only implements basic .env file operations and validation. Do not supply any real encryption keys, API keys, or production secrets to this skill. If you need the advertised features, ask the author or inspect the repository for the missing implementation of SecretVault/EnvManager classes and the encryption code. If you plan to use it, run the bundled tests locally, review scripts/env_manager.py line-by-line, and consider running it in an isolated environment until you confirm it does what the docs claim. If you require true encrypted secret handling, prefer a well-audited tool or confirm that encryption is actually implemented and properly reviewed before storing production secrets.Like a lobster shell, security has layers — review code before you run it.
configdevelopmentdotenvenvlatestsecrets
env-config-manager - 环境配置管理器
Metadata
| Field | Value |
|---|---|
| Name | env-config-manager |
| Slug | env-config-manager |
| Version | 1.0.0 |
| Homepage | https://github.com/openclaw/env-config-manager |
| Category | development |
| Tags | env, config, dotenv, secrets, yaml, json, encryption, variables |
Description
English
A comprehensive environment configuration manager for handling .env files, YAML/JSON configs, secret encryption, and multi-environment switching. Supports key rotation, variable validation, and team-safe secret sharing.
中文
环境配置管理器,用于管理 .env 文件、YAML/JSON 配置、密钥加密和多环境切换。支持密钥轮换、变量验证和团队安全共享。
Requirements
- Python 3.8+
- python-dotenv >= 1.0.0
- PyYAML >= 6.0
- cryptography >= 41.0.0
- click >= 8.0.0
Configuration
Environment Variables
ENV_MANAGER_KEY=your-master-encryption-key
ENV_MANAGER_ENV=development
Usage
Load and Switch Environments
from env_config_manager import EnvManager
# Load .env file
env = EnvManager.load(".env")
# Switch to production config
env.switch("production")
# Get variable with fallback
db_url = env.get("DATABASE_URL", default="sqlite:///default.db")
Encrypt Secrets
from env_config_manager import SecretVault
vault = SecretVault(key="your-master-key")
encrypted = vault.encrypt("super-secret-api-key")
# Store encrypted in .env: API_KEY=ENC(vault,encrypted_value)
decrypted = vault.decrypt(encrypted)
Validate Configuration
from env_config_manager import ConfigValidator
schema = {
"DATABASE_URL": {"required": True, "type": "url"},
"PORT": {"required": True, "type": "int", "min": 1024, "max": 65535},
"DEBUG": {"required": False, "type": "bool", "default": False}
}
validator = ConfigValidator(schema)
errors = validator.validate(env)
API Reference
EnvManager
load(path)- Load environment from fileswitch(env_name)- Switch to named environmentget(key, default=None)- Get variable valueset(key, value)- Set variablesave(path)- Save current state to filediff(other_env)- Compare two environments
SecretVault
encrypt(plaintext)- Encrypt a secretdecrypt(ciphertext)- Decrypt a secretrotate_key(new_key)- Re-encrypt with new key
ConfigValidator
validate(env)- Validate environment against schemaadd_rule(key, rule)- Add validation rule
Examples
See examples/ directory for complete examples.
Testing
cd /root/.openclaw/workspace/skills/env-config-manager
python -m pytest tests/ -v
License
MIT License
Comments
Loading comments...