Metadata-Version: 2.4
Name: python-kv-dotenv
Version: 0.1.0
Summary: Load .env files and resolve Azure Key Vault secret URLs.
Keywords: dotenv,azure,key-vault,secrets,environment
Author: Fernando Mendez
Author-email: Fernando Mendez <fernandomendez@tfl.gov.uk>
License-Expression: MIT
License-File: LICENSE
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Dist: azure-identity>=1.25.3
Requires-Dist: azure-keyvault-secrets>=4.10.0
Requires-Dist: python-dotenv>=1.2.2
Requires-Python: >=3.12
Description-Content-Type: text/markdown

# python-kv-dotenv

`python-kv-dotenv` is a small wrapper around `python-dotenv` that resolves Azure Key Vault secret references while loading `.env` files.

It keeps `python-dotenv` file discovery and variable interpolation behavior, and adds support for wrapped Key Vault URLs in env values.

## Install

```bash
pip install python-kv-dotenv
```

## Supported `kv:` format

```text
kv:https://<vault>.vault.azure.net/secrets/<secret-name>
kv:https://<vault>.vault.azure.net/secrets/<secret-name>/<secret-version>
```

## Example

`.env`

```dotenv
MAXIMO_CONNSTRING=kv:https://example.vault.azure.net/secrets/maximo-prod-connstring
ENV=dev
```

Python:

```python
import os

from python_kv_dotenv import load_kv_dotenv

load_kv_dotenv()

print(os.environ["ENV"])
print("MAXIMO_CONNSTRING" in os.environ)
```

## Authentication

Secret resolution uses `azure.identity.DefaultAzureCredential` by default.

You can also pass a custom Azure credential:

```python
from azure.identity import DefaultAzureCredential

from python_kv_dotenv import load_kv_dotenv

load_kv_dotenv(credential=DefaultAzureCredential())
```

## Notes

- Non-`kv:` values are loaded like normal `python-dotenv` values.
- `kv:` references are resolved before later `${VAR}` interpolation uses them.
- Secret lookup failures are fail-fast and raise the underlying Azure error.
