Blog
February was a big month: we shipped lots of core improvements, launched four new secret manager plugins, and announced our participation in the GitHub Secure Open Source Fund.
Core Improvements
These features are all available in varlock@0.2.3:
- Multi-line function calls — Both decorators and item values now support multi-line syntax, making complex configs easier to read and maintain.
- Conditional
@import— Theenabledparameter lets you conditionally load env files (e.g. by environment or feature flags). @publicdecorator — New counterpart to@sensitivefor explicitly marking values as safe to log or expose.--path/-p— Forloadandrun, specify a.envfile or directory as the entry point.--compact— Forvarlock load, outputs a compact format suitable for scripts and CI.--no-redact-stdout— Forvarlock run, allows unredacted output when needed (e.g. interactive tools).- Import from
~— Reference home directory paths in imports. allowMissingon@import— Imports optionally succeed when the target file doesn’t exist.- Package manager detection — Better handling when multiple lockfiles (e.g. npm + Bun) are present; no more crashes in monorepos.
- Improved CLI help — All commands now have clearer examples and usage guidance.
New Secret Manager Plugins
We launched four new plugins, broadening support for popular secret managers:
@varlock/aws-secrets-plugin— AWS Secrets Manager and Systems Manager Parameter Store@varlock/azure-key-vault-plugin— Azure Key Vault@varlock/bitwarden-plugin— Bitwarden@varlock/infisical-plugin— Infisical
GitHub Secure Open Source Fund
We published How Varlock Is Leveling Up Security Through the GitHub Secure Open Source Fund, sharing what we learned from participating in the program.
Community
We’re always looking for feedback and ideas. Join the conversation:
- Discord — Chat with us and other users.
- GitHub Discussions — Suggestions, questions, and feature ideas.