{"id":28411317,"url":"https://github.com/dmno-dev/varlock","last_synced_at":"2026-06-11T23:01:02.873Z","repository":{"id":293153189,"uuid":"964356943","full_name":"dmno-dev/varlock","owner":"dmno-dev","description":"AI-safe .env files: Schemas for agents, Secrets for humans.","archived":false,"fork":false,"pushed_at":"2026-06-11T06:00:08.000Z","size":19102,"stargazers_count":3616,"open_issues_count":45,"forks_count":100,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-06-11T06:21:29.581Z","etag":null,"topics":["configuration","dotenv","env","env-vars","schema","security","validation"],"latest_commit_sha":null,"homepage":"https://varlock.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmno-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-04-11T05:00:36.000Z","updated_at":"2026-06-11T02:11:46.000Z","dependencies_parsed_at":"2026-04-01T21:01:32.352Z","dependency_job_id":null,"html_url":"https://github.com/dmno-dev/varlock","commit_stats":null,"previous_names":["dmno-dev/varlock"],"tags_count":271,"template":false,"template_full_name":null,"purl":"pkg:github/dmno-dev/varlock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmno-dev","download_url":"https://codeload.github.com/dmno-dev/varlock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmno-dev%2Fvarlock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34221150,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configuration","dotenv","env","env-vars","schema","security","validation"],"created_at":"2025-06-02T15:14:28.134Z","updated_at":"2026-06-11T23:01:02.867Z","avatar_url":"https://github.com/dmno-dev.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://varlock.dev\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\n    \u003cimg src=\"/packages/varlock-website/src/assets/logos/wordmark.png\" alt=\"Varlock banner\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://npmjs.com/package/varlock\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/varlock.svg\" alt=\"npm package\"\u003e\u003c/a\u003e\n  \u003ca href=\"/LICENSE.md\"\u003e\u003cimg src=\"https://img.shields.io/npm/l/varlock.svg\" alt=\"license\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://nodejs.org/en/about/previous-releases\"\u003e\u003cimg src=\"https://img.shields.io/node/v/varlock.svg\" alt=\"node compatibility\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/dmno-dev/varlock/actions/workflows/test.yaml\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/dmno-dev/varlock/test.yaml?style=flat\u0026logo=github\u0026label=CI\" alt=\"build status\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://chat.dmno.dev\"\u003e\u003cimg src=\"https://img.shields.io/badge/chat-discord-5865F2?style=flat\u0026logo=discord\" alt=\"discord chat\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\n## Varlock\n\u003e AI-safe .env files: Schemas for agents, Secrets for humans.\n\n- 🤖 AI-safe config — agents read your schema, never your secrets\n- 🔍 proactive leak scanning via `varlock scan` + git hooks\n- 🔏 runtime protection — log redaction and leak prevention\n- 🛡️ validation, coercion, type safety w/ IntelliSense\n- 🌐 flexible multi-environment management — auto .env.* loading and explicit import\n- 🔌 [plugins](https://varlock.dev/plugins/overview/) to pull data from various backends (1Password, Infisical, AWS, Azure, GCP, HCP Vault, more!)\n\nUnlike .env.example, **your .env.schema is a single source of truth**, built for collaboration, that will never be out of sync.\n\n```bash\n# @defaultSensitive=false @defaultRequired=infer @currentEnv=$APP_ENV\n# ---\n# our environment flag, will control automatic loading of `.env.xxx` files\n# @type=enum(development, preview, production, test)\nAPP_ENV=development # default value, can override\n\n# @type=port\nAPI_PORT=8080 # non-sensitive values can be set directly\n\n# API url including _expansion_ referencing another env var\n# @type=url\nAPI_URL=http://localhost:${API_PORT}\n\n# sensitive api key, with extra validation\n# @required @sensitive @type=string(startsWith=sk-)\nOPENAI_API_KEY=\n```\n\n**Flexible plugin system**: adds new decorators, functions, types - enables secure declarative secret loading.\n\n```bash\n# @plugin(@varlock/1password-plugin)\n# @initOp(token=$OP_TOKEN, allowAppAuth=forEnv(dev), account=acmeco)\n# ---\n\n# @type=opServiceAccountToken @sensitive\nOP_TOKEN=\n\n# Fetch secrets using 1Password secret references\nDB_PASS=op(op://my-vault/database-password/password)\nAPI_KEY=op(op://api-vault/stripe/api-key)\n```\n\n## Installation\n\nYou can get started with varlock by installing the CLI:\n\n```bash\n# Run the installation wizard, which will install as a dependency in a JavaScript project\nnpx varlock init\n\n# Or install as standalone binary\nbrew install dmno-dev/tap/varlock # via homebrew\ncurl -sSfL https://varlock.dev/install.sh | sh -s # via cURL\n\n# Or use the official Docker image\ndocker pull ghcr.io/dmno-dev/varlock:latest\n```\nSee the full [installation docs](https://varlock.dev/getting-started/installation/) or the [Docker guide](https://varlock.dev/guides/docker/) for more information.\n\n\n## Workflow\n\nValidate your `.env.schema` and pretty print your environment variables with:\n\n```bash\nvarlock load\n```\n\nIf you need to pass resolved env vars into another process, you can run:\n\n```bash\nvarlock run -- python script.py\n```\n\nIn many cases you can use our [drop-in integrations](https://varlock.dev/integrations/javascript/) for seamless experience - with additional security guardrails, like log redaction and leak prevention.\n\n## AI-Safe Config\n\nYour `.env.schema` gives AI agents full context on your config — variable names, types, validation rules, descriptions — without ever exposing secret values. Combined with `varlock scan` to catch leaked secrets in AI-generated code, varlock is purpose-built for the AI era. Learn more in the [AI-safe config guide](https://varlock.dev/guides/ai-tools/).\n\n## @env-spec\n\nVarlock is built on top of @env-spec, a new DSL for attaching a schema and additional functionality to .env files using JSDoc style comments. The @env-spec package contains a parser and info about the spec itself.\n\n- @env-spec [docs](https://varlock.dev/env-spec/overview/)\n- @env-spec [RFC](https://github.com/dmno-dev/varlock/discussions/17)\n\n\n## Published Packages\n\n### Core\n| Package | Published listing page |\n| --- | --- |\n| [varlock](packages/varlock) | [![npm version](https://img.shields.io/npm/v/varlock.svg)](https://npmjs.com/package/varlock) |\n| [@env-spec/parser](packages/env-spec-parser) | [![npm version](https://img.shields.io/npm/v/@env-spec/parser.svg)](https://npmjs.com/package/@env-spec/parser) |\n| [@env-spec VSCode extension](packages/vscode-plugin) | [VSCode Marketplace](https://marketplace.visualstudio.com/items?itemName=varlock.env-spec-language), [Open VSX Registry](https://open-vsx.org/extension/varlock/env-spec-language) |\n| [varlock Docker image](Dockerfile) | [GitHub Container Registry](https://github.com/orgs/dmno-dev/packages/container/package/varlock) |\n\n### Plugins\n| Package | Published listing page |\n| --- | --- |\n| [@varlock/1password-plugin](packages/plugins/1password) | [![npm version](https://img.shields.io/npm/v/@varlock/1password-plugin.svg)](https://npmjs.com/package/@varlock/1password-plugin) |\n| [@varlock/aws-secrets-plugin](packages/plugins/aws-secrets) | [![npm version](https://img.shields.io/npm/v/@varlock/aws-secrets-plugin.svg)](https://npmjs.com/package/@varlock/aws-secrets-plugin) |\n| [@varlock/azure-key-vault-plugin](packages/plugins/azure-key-vault) | [![npm version](https://img.shields.io/npm/v/@varlock/azure-key-vault-plugin.svg)](https://npmjs.com/package/@varlock/azure-key-vault-plugin) |\n| [@varlock/bitwarden-plugin](packages/plugins/bitwarden) | [![npm version](https://img.shields.io/npm/v/@varlock/bitwarden-plugin.svg)](https://npmjs.com/package/@varlock/bitwarden-plugin) |\n| [@varlock/google-secret-manager-plugin](packages/plugins/google-secret-manager) | [![npm version](https://img.shields.io/npm/v/@varlock/google-secret-manager-plugin.svg)](https://npmjs.com/package/@varlock/google-secret-manager-plugin) |\n| [@varlock/hashicorp-vault-plugin](packages/plugins/hashicorp-vault) | [![npm version](https://img.shields.io/npm/v/@varlock/hashicorp-vault-plugin.svg)](https://npmjs.com/package/@varlock/hashicorp-vault-plugin) |\n| [@varlock/infisical-plugin](packages/plugins/infisical) | [![npm version](https://img.shields.io/npm/v/@varlock/infisical-plugin.svg)](https://npmjs.com/package/@varlock/infisical-plugin) |\n| [@varlock/keepass-plugin](packages/plugins/keepass) | [![npm version](https://img.shields.io/npm/v/@varlock/keepass-plugin.svg)](https://npmjs.com/package/@varlock/keepass-plugin) |\n| [@varlock/kubernetes-plugin](packages/plugins/kubernetes) | [![npm version](https://img.shields.io/npm/v/@varlock/kubernetes-plugin.svg)](https://npmjs.com/package/@varlock/kubernetes-plugin) |\n| [@varlock/pass-plugin](packages/plugins/pass) | [![npm version](https://img.shields.io/npm/v/@varlock/pass-plugin.svg)](https://npmjs.com/package/@varlock/pass-plugin) |\n| [@varlock/passbolt-plugin](packages/plugins/passbolt) | [![npm version](https://img.shields.io/npm/v/@varlock/passbolt-plugin.svg)](https://npmjs.com/package/@varlock/passbolt-plugin) |\n| [@varlock/proton-pass-plugin](packages/plugins/proton-pass) | [![npm version](https://img.shields.io/npm/v/@varlock/proton-pass-plugin.svg)](https://npmjs.com/package/@varlock/proton-pass-plugin) |\n\n### Framework Integrations\n| Package | Published listing page |\n| --- | --- |\n| [@varlock/astro-integration](packages/integrations/astro) | [![npm version](https://img.shields.io/npm/v/@varlock/astro-integration.svg)](https://npmjs.com/package/@varlock/astro-integration) |\n| [@varlock/nextjs-integration](packages/integrations/nextjs) | [![npm version](https://img.shields.io/npm/v/@varlock/nextjs-integration.svg)](https://npmjs.com/package/@varlock/nextjs-integration) |\n| [@varlock/vite-integration](packages/integrations/vite) | [![npm version](https://img.shields.io/npm/v/@varlock/vite-integration.svg)](https://npmjs.com/package/@varlock/vite-integration) |\n\n\n## MCP Servers\n| MCP Server | Link | URL |\n| --- | --- | --- |\n| Varlock Docs (HTTP) | [Installation](https://varlock.dev/guides/mcp/#docs-mcp) | https://docs.mcp.varlock.dev/mcp |\n| Varlock Docs (SSE) | [Installation](https://varlock.dev/guides/mcp/#docs-mcp) | https://docs.mcp.varlock.dev/sse |\n\n## Examples\nExamples of integrating varlock in various frameworks and situations can be found in the [Varlock examples repo](https://github.com/dmno-dev/varlock-examples)\n\n## Development \u0026 Contribution\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmno-dev%2Fvarlock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmno-dev%2Fvarlock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmno-dev%2Fvarlock/lists"}