varlock

 ██▒   █▓ ▄▄▄       ██▀███   ██▓     ▒█████   ▄████▄   ██ ▄█▀
 ▓██░   █▒▒████▄    ▓██ ▒ ██▒▓██▒    ▒██▒  ██▒▒██▀ ▀█   ██▄█▒ 
  ▓██  █▒░▒██  ▀█▄  ▓██ ░▄█ ▒▒██░    ▒██░  ██▒▒██    ▄ ▓███▄░ 
   ▒██ █░░░██▄▄▄▄██ ▒██▀▀█▄  ▒██░    ▒██   ██░▒██▄ ▄██▒▓██ █▄ 
    ▒▀█░   ▓█   ▓██▒░██▓ ▒██▒░██████▒░ █████▒░▒ ████▀ ░▒██▒ █▄
    ░ ▐░   ▒▒   ▓▒█░░ ▒▓ ░▒▓░░ ▒░▓  ░░ ▒░▒░▒░ ░ ░▒ ▒  ░▒ ▒▒ ▓▒
    ░ ░░    ▒   ▒▒ ░  ░▒ ░ ▒░░ ░ ▒  ░  ░ ▒ ▒░   ░  ▒   ░ ░▒ ▒░
      ░░    ░   ▒     ░░   ░   ░ ░   ░ ░ ░ ▒  ░        ░ ░░ ░ 
       ░        ░  ░   ░         ░  ░    ░ ░  ░ ░      ░  ░

Varlock gives your environment variables guardrails with validation, type-safety, coercion, and secure secret integrations.

# Install as standalone CLI
brew install varlock
cd my-project
varlock init

# OR init and install as a dependency in a js project
npx varlock init

Get Started

It scans your project for `.env` and `.env.example` files and creates a `.env.schema` file for you.

# This file uses env-spec - see https://github.com/varlock/env-spec for more info
# @envFlag=APP_ENV
# @defaultSensitive=false @defaultRequired=false
# ---

# Env flag
# @type=enum(development, staging, production, test)
APP_ENV=development

# this will be overridden in .env.production
SOME_VAR=default-value

# @type=number(precision=0)
NUMBER_ITEM=123.45

# @type=email(normalize=true)
EMAIL_ITEM=HEllO@example.com #output: hello@example.com

# @type=url
URL_ITEM=https://example.com

# @type=port
PORT="5678"

INFER_NUM=123
INFER_BOOL=true
INFER_STR=asdf

NOT_SENSITIVE_ITEM="not-sensitive"

# @sensitive
SENSITIVE_ITEM=secret-value

Reference Docs

How it works

Using a combination of a CLI and Desktop app, your secrets are securely encrypted. They are never stored on disk and secured via your fingerprint.

Benefits

Validation of environment variables
Coercion based on types
Encryption backed by biometrics
Drop-in replacement for dotenv

Workflow

Run `varlock init`
Add any secret values
Run `varlock encrypt`
Use encrypted values via `varlock run`