Blog
Usage
Basics
Section titled “Basics”The basic workflow for using Varlock is to:
- Run
varlock initto set up your.env.schemafile - Run
varlock loadto debug and refine your .env file(s) - Use Varlock to load, validate, and inject env vars into your application, either:
- Use an existing framework / tool integration that automatically calls Varlock under the hood (recommended)
- Use
import 'varlock/auto-load'in a backend JavaScript/TypeScript project - Boot your command via
varlock run
(necessary for non-JS/TS projects, or feeding env vars to external tools)
CLI Commands
Section titled “CLI Commands”varlock load
Section titled “varlock load”npm exec -- varlock loadpnpm exec -- varlock loadbun exec varlock loadvlx -- varlock loadyarn exec -- varlock loadvarlock loadValidates your environment variables according to your .env.schema and associated .env.* files, and prints the results.
Useful for debugging locally, and in CI to print out a summary of env vars, also when you’re authoring your .env.schema file and want immediate feedback.
See the varlock load CLI Reference for more information.
varlock run
Section titled “varlock run”npm exec -- varlock run -- <your-command>pnpm exec -- varlock run -- <your-command>bun exec varlock run -- <your-command>vlx -- varlock run -- <your-command>yarn exec -- varlock run -- <your-command>varlock run -- <your-command>Executes a command in a child process, injecting your resolved and validated environment variables. This is useful when a code-level integration is not possible. For example, if you’re using a database migration tool, you can use varlock run to run the migration tool with the correct environment variables. Or if you’re using a non-js/ts language, you can use varlock run to run a command and inject validated environment variables.
See the varlock run CLI Reference for more information.
varlock encrypt
Section titled “varlock encrypt”npm exec -- varlock encrypt --file .env.localpnpm exec -- varlock encrypt --file .env.localbun exec varlock encrypt --file .env.localvlx -- varlock encrypt --file .env.localyarn exec -- varlock encrypt --file .env.localvarlock encrypt --file .env.localEncrypts sensitive values using device-local encryption. Use --file to encrypt all @sensitive plaintext values in a .env file in-place, or run without arguments for interactive single-value encryption.
Encrypted values are stored as varlock("local:<encrypted>") and are automatically decrypted during varlock load or varlock run.
See the varlock encrypt CLI Reference and the Local encryption guide for more information.
varlock reveal
Section titled “varlock reveal”npm exec -- varlock revealpnpm exec -- varlock revealbun exec varlock revealvlx -- varlock revealyarn exec -- varlock revealvarlock revealSecurely view or copy decrypted values of @sensitive environment variables. Values are shown in an alternate screen buffer to prevent scrollback capture.
See the varlock reveal CLI Reference for more information.