Secrets Management

One of the core use cases for Varlock is to manage secrets.

Handling Secrets

varlock uses the term “sensitive” to describe any value that should not be committed to version control. This includes secrets, passwords, and other generally sensitive information.

For local development, varlock allows you to encrypt sensitive values in your .env.* files using varlock encrypt and then decrypt them using varlock load or varlock run.

This (currently) works exclusively for local development since it relies on encryption keys stored on your system.

Coming soon

We’ll be adding support for cloud-based secret storage in the very near future.

Encryption via varlock

1. Install varlock including the desktop app
2. Add sensitive values to your .env.* file(s)
3. Encrypt them using varlock encrypt
4. Decrypt them using varlock load or varlock run

Using 3rd party tools

varlock is compatible with any 3rd party tool that supports fetching secrets via a CLI. Using function syntax and eval, you can use any 3rd party tool to fetch secrets.

Here’s an example using 1Password:

# A secret in 1Password
# @sensitive @required
MY_SECRET=eval(`op read "op://devTest/myVault/credential"`);