Skip to content
varlock

varlock

 ██▒   █▓ ▄▄▄       ██▀███   ██▓     ▒█████   ▄████▄   ██ ▄█▀
 ▓██░   █▒▒████▄    ▓██ ▒ ██▒▓██▒    ▒██▒  ██▒▒██▀ ▀█   ██▄█▒ 
  ▓██  █▒░▒██  ▀█▄  ▓██ ░▄█ ▒▒██░    ▒██░  ██▒▒██    ▄ ▓███▄░ 
   ▒██ █░░░██▄▄▄▄██ ▒██▀▀█▄  ▒██░    ▒██   ██░▒██▄ ▄██▒▓██ █▄ 
    ▒▀█░   ▓█   ▓██▒░██▓ ▒██▒░██████▒░ █████▒░▒ ████▀ ░▒██▒ █▄
    ░ ▐░   ▒▒   ▓▒█░░ ▒▓ ░▒▓░░ ▒░▓  ░░ ▒░▒░▒░ ░ ░▒ ▒  ░▒ ▒▒ ▓▒
    ░ ░░    ▒   ▒▒ ░  ░▒ ░ ▒░░ ░ ▒  ░  ░ ▒ ▒░   ░  ▒   ░ ░▒ ▒░
      ░░    ░   ▒     ░░   ░   ░ ░   ░ ░ ░ ▒  ░        ░ ░░ ░ 
       ░        ░  ░   ░         ░  ░    ░ ░  ░ ░      ░  ░

Magic .env files built for sharing:
Human-first, AI-friendly

.env.schema
# Add declarative schema info to your env vars using @decorator comments
# @sensitive @required @type=string(startsWith=sk-)
OPENAI_API_KEY=


# @type=enum(development, preview, production, test)
APP_ENV=development # set non-sensitive default values directly


# use function calls to securely fetch data from external sources
XYZ_TOKEN=exec('op read "op://api-prod/xyz/auth-token"')

Unlike .env.example, your .env.schema is a single source of truth, built for collaboration, that will never be out of sync.

Get Started Reference Docs

Validation

Powerful validation capabilities, without custom logic. Misconfiguration errors are surfaced much earlier in your development cycle, with clear error messages.

Validation demo

Type-safety

Automatically generate types according to your schema - the single source of truth - instead of writing them by hand.

Intellisense demo

Security

Redact sensitive info from stdout and global console methods. Detect leaks in bundled client code and outgoing server responses.

Redaction demo

Environments

Combine defaults, environment-specific .env files, local git-ignored overrides, and process env vars. Compose values together using functions.

Multi-env demo

Secure secrets

Read from any external providers via CLI commands. Plugin system, local encryption utilities, and shared team vaults coming soon.

External providers demo
Get Started Reference Docs

Installation

Terminal window
# Install as a dependency in a js project
npx varlock init


# OR install as standalone binary via homebrew
brew install dmno-dev/tap/varlock
# OR via cURL
curl -sSfL https://varlock.dev/install.sh | sh -s

Drop-in replacement for dotenv

my-app.ts
 import 'dotenv/config';
 import 'varlock/auto-load';


// *optional* type-safe env access
 import { ENV } from 'varlock/env';
 const client = new AbcApi(process.env.ABC_API_KEY);
 const client = new AbcApi(ENV.ABC_API_KEY);

varlock can be used as a direct replacement for dotenv in most projects. Just swap your import and get validation, security, and more. No other code changes required!

Run anywhere - with any language

Terminal window
varlock run -- python my_script.py

Use varlock run to inject resolved, validated env vars into another process.

Come chat with us