Skip to content
varlock

AI Tools

AI tools like Cursor, Gemini, Claude, and GitHub Copilot have accelerated workflows for many development teams. This, however, comes with some risks. Unless your team has gone to great lengths to hide secrets from your AI tools, you’re probably sending secrets to their AI agents and potentially leaking them in the code it generates.

varlock exists to solve both of those problems. By never storing the secret values, you never have to worry about sending them to AI servers. And because of the new @env-spec format you will have better AX (agent experience) when dealing with environment variables.

Allowing schema files for AI tools

Section titled “Allowing schema files for AI tools”

Most AI tools ignore .env.* files by default. To ensure your AI tool can access your environment schema, add the following to your .gitignore:

!.env.schema

If you use a tool with its own ignore file, check that tool’s documentation to see how it handles ignore files and make sure .env.schema is allowed.

Custom instructions and rules

Section titled “Custom instructions and rules”

To give your AI tool full context about varlock, you can provide it with the full Varlock llms.txt. In Cursor, this is accomplished via ‘Add New Custom Docs’.

If your tool supports custom rules, you can use our own varlock Cursor rule file from this repo as a starting point to create your own that is most suited to your workflow.