Envilder 0.4.0
dotnet add package Envilder --version 0.4.0
NuGet\Install-Package Envilder -Version 0.4.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Envilder" Version="0.4.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Envilder" Version="0.4.0" />
<PackageReference Include="Envilder" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Envilder --version 0.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Envilder, 0.4.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Envilder@0.4.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Envilder&version=0.4.0
#tool nuget:?package=Envilder&version=0.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
Envilder .NET SDK
Securely load environment variables from AWS SSM Parameter Store or Azure Key Vault directly into your .NET application. Zero vendor lock-in — secrets stay in your cloud.
Part of the Envilder project.
Prerequisites
- .NET Standard 2.0 compatible runtime (.NET 6+, .NET Framework 4.6.1+, and any netstandard2.0-compatible target)
- AWS provider: AWS credentials configured (CLI, environment variables, or IAM role)
- Azure provider: Azure credentials via
az login, managed identity, or environment variables
Install
dotnet add package Envilder
Quick Start
One-liner — resolve + inject
using Envilder;
// Resolve secrets from the map file and inject into Environment
Env.Load("envilder.json");
// Access via standard environment variable API
var dbPassword = Environment.GetEnvironmentVariable("DB_PASSWORD");
Resolve without injecting
using Envilder;
var secrets = Env.ResolveFile("envilder.json");
var dbPassword = secrets["DB_PASSWORD"];
Async variants
Every method has an async counterpart:
using Envilder;
await Env.LoadAsync("envilder.json");
var secrets = await Env.ResolveFileAsync("envilder.json");
Fluent builder (with overrides)
Override the map file's $config at runtime — useful for switching providers, profiles, or vault URLs per environment:
using Envilder;
// Override provider + vault URL
var secrets = Env.FromMapFile("envilder.json")
.WithProvider(SecretProviderType.Azure)
.WithVaultUrl("https://my-vault.vault.azure.net")
.Resolve();
// Override AWS profile and inject
Env.FromMapFile("envilder.json")
.WithProfile("staging")
.Inject();
// Async versions
var secrets = await Env.FromMapFile("envilder.json")
.WithProvider(SecretProviderType.Azure)
.WithVaultUrl("https://my-vault.vault.azure.net")
.ResolveAsync();
await Env.FromMapFile("envilder.json")
.WithProfile("staging")
.InjectAsync();
Environment-based loading
Route secret loading based on your current environment. Each environment maps to its own
secrets file (or null to skip loading):
using Envilder;
var env = Environment.GetEnvironmentVariable("APP_ENV") ?? "development";
// Resolve + inject
Env.Load(env, new Dictionary<string, string?>
{
["production"] = "prod-secrets.json",
["development"] = "dev-secrets.json",
["test"] = null, // no secrets loaded
});
Resolve without injecting:
var secrets = Env.ResolveFile(env, new Dictionary<string, string?>
{
["production"] = "prod-secrets.json",
["development"] = "dev-secrets.json",
["test"] = null,
});
Behaviour:
- If the environment maps to a file path, secrets are loaded from that file.
- If the environment maps to
nullor is not in the mapping, an empty dictionary is returned silently. - Empty or whitespace-only environment names throw
ArgumentException.
Secret validation
Opt-in validation ensures all resolved secrets have non-empty values:
using Envilder;
var secrets = Env.ResolveFile("envilder.json");
secrets.ValidateSecrets(); // throws SecretValidationException if any value is empty
ValidateSecrets() is an extension method on IReadOnlyDictionary<string, string> that:
- Throws
SecretValidationExceptionwhen the dictionary is empty - Throws
SecretValidationExceptionlisting the keys whose values are null, empty, or whitespace - Passes silently when all values are present
Via IConfiguration (ASP.NET)
using Microsoft.Extensions.Configuration;
var config = new ConfigurationBuilder()
.AddEnvilder("envilder.json")
.Build();
var dbPassword = config["DB_PASSWORD"];
Secrets with / in their paths are normalized to configuration sections:
{
"Database/ConnectionString": "/app/prod/db-connection",
"Database/Password": "/app/prod/db-password"
}
var dbSettings = config.GetSection("Database");
var connString = dbSettings["ConnectionString"];
Via IServiceCollection (ASP.NET DI)
services.AddEnvilder("envilder.json");
With runtime overrides (IConfiguration)
Pass EnvilderOptions to override the map file's $config from code:
using Envilder;
using Microsoft.Extensions.Configuration;
var config = new ConfigurationBuilder()
.AddEnvilder("envilder.json", new EnvilderOptions
{
Provider = SecretProviderType.Azure,
VaultUrl = "https://my-vault.vault.azure.net",
})
.Build();
API Reference
Static facade (Env)
| Method | Description |
|---|---|
Load(path) |
Resolve secrets and inject into Environment |
LoadAsync(path, ct?) |
Async version of Load |
ResolveFile(path) |
Resolve secrets, return as IReadOnlyDictionary |
ResolveFileAsync(path, ct?) |
Async version of ResolveFile |
Load(env, mapping) |
Environment-based resolve + inject |
LoadAsync(env, mapping, ct?) |
Async version |
ResolveFile(env, mapping) |
Environment-based resolve |
ResolveFileAsync(env, mapping, ct?) |
Async version |
FromMapFile(path) |
Returns EnvilderBuilder for fluent configuration |
Fluent builder (EnvilderBuilder)
| Method | Description |
|---|---|
WithProvider(type) |
Override secret provider (AWS/Azure) |
WithProfile(name) |
Override AWS named profile |
WithVaultUrl(url) |
Override Azure Key Vault URL |
Resolve() |
Resolve secrets, return as dictionary |
ResolveAsync(ct?) |
Async version of Resolve |
Inject() |
Resolve + inject into Environment |
InjectAsync(ct?) |
Async version of Inject |
Validation (SecretValidationExtensions)
| Method | Description |
|---|---|
ValidateSecrets() |
Throws SecretValidationException if any value is empty or dictionary is empty |
IConfiguration integration
| Method | Description |
|---|---|
AddEnvilder(path, options?) |
Add Envilder as an IConfigurationBuilder source |
Dependency injection
| Method | Description |
|---|---|
AddEnvilder(path, options?) |
Register Envilder secrets into IServiceCollection |
Map File Format
{
"$schema": "https://envilder.com/schema/map-file.v1.json",
"$config": {
"provider": "aws",
"profile": "my-profile"
},
"DB_PASSWORD": "/app/prod/db-password",
"API_KEY": "/app/prod/api-key"
}
Supported providers: aws (default), azure.
For Azure, add vaultUrl:
{
"$schema": "https://envilder.com/schema/map-file.v1.json",
"$config": {
"provider": "azure",
"vaultUrl": "https://my-vault.vault.azure.net"
},
"DB_PASSWORD": "db-password",
"API_KEY": "api-key"
}
Links
License
MIT
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
.NETStandard 2.0
- AWSSDK.SimpleSystemsManagement (>= 4.0.7.17)
- Azure.Identity (>= 1.21.0)
- Azure.Security.KeyVault.Secrets (>= 4.11.0)
- Microsoft.Extensions.Configuration (>= 10.0.8)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)
- System.Text.Json (>= 10.0.8)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.