Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Envilder – Secure AWS SSM CLI for Environment Variable Management

Views: 302

Envilder is a lightweight, command-line utility written in Go that fetches environment variables from AWS Systems Manager (SSM) Parameter Store and sets them in your local shell or writes them to .env files. It’s intended to enforce single-source-of-truth practices for configuration management without over-engineering.

Envilder - Secure AWS SSM CLI for Environment Variable Management

Unlike tools that require a secrets backend, vaults, or CI/CD integrations, Envilder is a standalone, fast, and developer-friendly solution designed for day-to-day use by developers or deployment automation.

Core Features

  • Fetches AWS SSM Parameters with path-based scoping
  • Exports to .env files for use in local development or container environments
  • Sets live shell environment variables
  • Avoids parameter value caching to ensure fresh pulls
  • Written in Go, offering native binaries with no dependencies

Installation

Download pre-built binaries from the GitHub Releases page.

Or install with Go:

go install github.com/macalbert/envilder@latest

Usage Examples

Set shell environment variables from an SSM path:

envilder /myapp/dev

Write environment variables to a .env file:

envilder /myapp/dev > .env

The command recursively fetches all key-value pairs under the given path, trims the prefix, and formats them for export.

Example SSM Keys:

  • /myapp/dev/DB_USER
  • /myapp/dev/DB_PASS

Becomes:

DB_USER=admin
DB_PASS=s3cr3t

Use Cases

  • Developer onboarding – instantly pull the correct environment configs per stage
  • CI bootstrap – safely initialise jobs with ephemeral secrets from SSM
  • Local testing parity – ensure development mirrors production configuration
  • Configuration sanity – replace hardcoded .env values and .bashrc clutter

Security Considerations

  • Requires standard IAM credentials with ssm:GetParametersByPath access
  • Does not store secrets locally unless redirected to .env
  • Use with session-based credentials or limited-scope IAM roles for defence-in-depth

Pros and Cons

Pros

  • Simple and transparent
  • No infra, vault, or secrets manager dependencies
  • Fast and works well with modern toolchains

Cons

  • AWS-only (no support for GCP Secret Manager or Azure Key Vault)
  • Doesn’t support parameter decryption out of the box (you must allow decrypted values in SSM)
  • No UI or rotation scheduling

Final Thoughts

If you’re tired of .env rot or teams copying secrets between environments, Envilder is a welcome addition. It allows you to define configurations centrally in AWS SSM and access them securely and repeatably from anywhere. Ideal for modern development shops seeking minimal complexity with maximum clarity.

You can read more or download Envilder here: https://github.com/macalbert/envilder

Related Posts:

Share
Tweet
Share
Buffer
WhatsApp
Email

Filed Under: Cloud Security