envcheck
> ⚡️ Fast .env linter with DevSecOps superpowers. Written in Rust 🦀_
v
> ⚡️ Fast .env linter with DevSecOps superpowers. Written in Rust 🦀_
Instantly detect and auto-fix keys, syntax, and formatting issues.
Ensure environment parity across teams and production stages.
Shift left with Kubernetes secrets validation and CI/CD guards.
envcheck is a fast, modern Rust CLI for linting .env files and ensuring environment synchronization across your entire DevSecOps stack.
| Feature | envcheck 🦀 | dotenv-linter |
|---|---|---|
| Linting | ✅ | ✅ |
| Compare | ✅ | ✅ |
| K8s Sync | ✅ | ❌ |
| Terraform | ✅ | ❌ |
| Ansible | ✅ | ❌ |
| Helm | ✅ | ❌ |
| ArgoCD | ✅ | ❌ |
| GitHub Actions Check | ✅ | ❌ |
| TUI Mode | ✅ | ❌ |
| SARIF Output | ✅ | ❌ |
| Config Files | ✅ | ❌ |
| Shell Completions | ✅ | ❌ |
| Auto-Fix + Commit/PR | ✅ | ✅ (fix only) |
| Integration | Command | What it checks |
|---|---|---|
| Kubernetes | envcheck k8s-sync | SecretKeyRef/ConfigMapKeyRef vs .env |
| Terraform | envcheck terraform | TF_VAR_* variable usage |
| Ansible | envcheck ansible | lookup('env', 'VAR') calls |
| GitHub Actions | envcheck actions | env: blocks in workflows |
| Helm | envcheck helm | SCREAMING_SNAKE_CASE in values.yaml |
| ArgoCD | envcheck argo | plugin.env and kustomize.commonEnv |
MIT License - See GitHub for details.