EnvGuard Website
Production-grade landing page for the EnvGuard VS Code extension.
🛡️ EnvGuard — Smart .env Manager
EnvGuard is a comprehensive environment variable manager for VS Code that helps you manage, validate, and secure your .env files with ease. Stop worrying about accidentally committing secrets, missing required variables, or switching between multiple environments.
✨ Features
🔄 Environment Profile Switching
Quickly switch between development, staging, production, and custom environment profiles with a single click. EnvGuard manages multiple .env files and lets you switch between them instantly from the status bar.
.env.development → Development settings
.env.staging → Staging configuration
.env.production → Production secrets
.env.local → Local overrides
Benefits:
- One-click profile switching from status bar
- Automatic profile detection and management
- Visual indicator of active environment
- Custom profile creation and management
✅ Schema Validation
Define a .env.schema file to enforce type safety and validation rules for your environment variables. EnvGuard validates your .env files in real-time and shows inline errors for missing or invalid values.
# .env.schema
DATABASE_URL=required|url|secret:true
PORT=required|number|min:1024|max:65535
NODE_ENV=required|enum:development,staging,production
DEBUG=optional|boolean|default:false
API_KEY=required|string|min:32|secret:true
Validation Features:
- Type checking (string, number, boolean, url, email, enum)
- Required/optional enforcement
- Min/max constraints for numbers and strings
- Pattern matching with regex
- Default value suggestions
- Real-time validation feedback
🔍 Secret Detection & Scanning
Automatically scans .env files for 43+ types of secrets and credentials including AWS keys, GitHub tokens, API keys, database passwords, private keys, and more. Get instant warnings when secrets are detected.
Detected Secret Types:
- AWS Access Keys & Secret Keys
- GitHub Personal Access Tokens
- Stripe API Keys
- Google API Keys
- JWT Tokens
- Private Keys (RSA, SSH)
- Database Connection Strings
- OAuth Tokens & Client Secrets
- Slack Webhooks
- And 30+ more patterns
Security Features:
- Real-time secret scanning as you type
- Automatic
.gitignore verification
- Smart placeholder detection (filters out "xxx", "your-key-here", etc.)
- Security score calculation
.env.example file detection (warnings vs errors)
📊 File Comparison (Diff)
Compare two .env files side-by-side to see what variables are missing, different, or unchanged. Perfect for ensuring your .env.example is up-to-date or comparing staging vs production configurations.
Comparison Features:
- Side-by-side diff view in webview
- Color-coded differences (missing, different, unchanged)
- Quick navigation between differences
- Export comparison results
- Compare any two
.env files in your workspace
📝 .env.example Generator
Automatically generate a .env.example file from your existing .env with smart placeholder generation. Secrets are replaced with safe placeholders, preserving the structure while removing sensitive data.
Smart Placeholder Generation:
- Secrets replaced with
your-<key>-here
- URLs preserved with protocol and domain structure
- Numbers replaced with example values
- Booleans preserved
- Comments and structure maintained
Hover over any environment variable to see rich information including schema rules, validation status, secret detection status, and value preview.
Hover Information Includes:
- Variable name and current value (masked for secrets)
- Schema validation rules and type
- Secret detection status
- Required/optional status
- Default values and constraints
- Validation errors and warnings
🚀 Quick Start
- Install EnvGuard from the VS Code Marketplace
- Open a project with
.env files
- EnvGuard automatically detects all
.env files in your workspace
- View the sidebar (click the shield icon) to see all files, keys, and profiles
- Click the status bar to switch between environment profiles
Creating Your First Schema
Create a .env.schema file in your project root:
# Required database configuration
DATABASE_URL=required|url|secret:true
DATABASE_POOL_SIZE=optional|number|min:1|max:100|default:10
# API settings
API_KEY=required|string|min:32|secret:true
API_BASE_URL=required|url
# Application settings
NODE_ENV=required|enum:development,staging,production
DEBUG=optional|boolean|default:false
LOG_LEVEL=optional|enum:error,warn,info,debug|default:info
PORT=required|number|min:1024|max:65535
EnvGuard will now validate all your .env files against this schema!
Define validation rules using pipe-separated modifiers after the = sign.
| Modifier |
Description |
Example |
required |
Key must be present in .env file |
API_KEY=required |
optional |
Key is optional (shows info if missing) |
DEBUG=optional |
string |
Value must be a string (any text) |
NAME=required\|string |
number |
Value must be a valid number |
PORT=required\|number |
boolean |
Value must be true/false/yes/no/1/0 |
DEBUG=required\|boolean |
url |
Value must be a valid URL (http:// or https://) |
API_URL=required\|url |
email |
Value must be a valid email address |
ADMIN_EMAIL=required\|email |
enum:val1,val2 |
Value must be one of the specified options |
ENV=required\|enum:dev,prod |
min:N |
Minimum value (number) or length (string) |
PORT=required\|number\|min:1024 |
max:N |
Maximum value (number) or length (string) |
PORT=required\|number\|max:65535 |
pattern:regex |
Value must match regex pattern |
CODE=required\|pattern:^[A-Z]{3}$ |
default:val |
Default value if not present |
DEBUG=optional\|default:false |
secret:true |
Mark as secret (for documentation) |
API_KEY=required\|secret:true |
Schema Examples
# Basic validation
APP_NAME=required|string
VERSION=required|string|pattern:^\d+\.\d+\.\d+$
# Number constraints
PORT=required|number|min:1024|max:65535
TIMEOUT_MS=optional|number|min:1000|max:30000|default:5000
# Enum values
NODE_ENV=required|enum:development,staging,production
LOG_LEVEL=optional|enum:error,warn,info,debug|default:info
# URLs and emails
DATABASE_URL=required|url|secret:true
API_BASE_URL=required|url
ADMIN_EMAIL=required|email
# Secret strings
JWT_SECRET=required|string|min:32|secret:true
ENCRYPTION_KEY=required|string|min:64|secret:true
# Optional with defaults
ENABLE_CACHE=optional|boolean|default:true
MAX_CONNECTIONS=optional|number|min:1|max:1000|default:100
⌨️ Commands
| Command |
Keyboard Shortcut |
Description |
EnvGuard: Switch Environment Profile |
Ctrl+Shift+E (Windows/Linux)
Cmd+Shift+E (Mac) |
Switch between environment profiles |
EnvGuard: Scan for Secrets |
- |
Manually scan all .env files for secrets |
EnvGuard: Validate Environment Files |
- |
Manually validate all .env files against schema |
EnvGuard: Compare .env Files |
- |
Compare two .env files side-by-side |
EnvGuard: Generate .env.example |
- |
Generate .env.example from current .env |
EnvGuard: Open Dashboard |
- |
Open EnvGuard dashboard with overview |
EnvGuard: Refresh Files |
- |
Manually refresh .env file list |
EnvGuard: Check .gitignore |
- |
Verify .env files are in .gitignore |
EnvGuard: Create Profile |
- |
Create a new environment profile |
EnvGuard: Delete Profile |
- |
Delete an environment profile |
⚙️ Settings
Configure EnvGuard behavior in VS Code settings (Ctrl+, or Cmd+,):
| Setting |
Default |
Description |
envguard.autoScan |
true |
Automatically scan for secrets when files change |
envguard.autoValidate |
true |
Automatically validate against schema when files change |
envguard.showStatusBar |
true |
Show active profile in status bar |
envguard.maskSecrets |
true |
Mask secret values in UI (show as ●●●●●●) |
envguard.securityScoreThreshold |
80 |
Minimum security score for passing (0-100) |
envguard.excludePatterns |
[] |
File patterns to exclude from scanning |
envguard.customPatterns |
[] |
Custom secret detection patterns |
envguard.notificationLevel |
warning |
Minimum severity for notifications (error/warning/info) |
Example Settings Configuration
{
"envguard.autoScan": true,
"envguard.autoValidate": true,
"envguard.maskSecrets": true,
"envguard.securityScoreThreshold": 80,
"envguard.excludePatterns": [
"**/.env.test",
"**/node_modules/**"
],
"envguard.notificationLevel": "warning"
}
EnvGuard adds a dedicated sidebar with three views:
📁 Files View
- Shows all
.env files in workspace
- Click to open file
- Visual indicators for active profile
- Quick actions for each file
🔑 Keys View
- Lists all unique environment variable keys
- Shows count of files containing each key
- Click to find all occurrences
- Quick navigation
👤 Profiles View
- Lists all available profiles
- Switch profile with one click
- Create/delete profiles
- Visual indicator for active profile
⚠️ Issues View
- Lists all validation and security issues
- Grouped by file
- Click to navigate to issue
- Filter by severity (error/warning/info)
🔒 Security & Privacy
EnvGuard takes security and privacy seriously:
- ✅ No telemetry - We don't collect any data about your usage
- ✅ No external servers - All processing happens locally in VS Code
- ✅ No secret storage - Secret values are never stored in memory or logs
- ✅ No network requests - Everything stays on your machine
- ✅ Open source - Code is available for review
- ✅ Local-only - All data stays in your workspace
Security Features
- Automatic
.gitignore verification
- Secret masking in all UI elements
- Security score calculation (0-100)
- Real-time secret detection
- Smart placeholder detection to avoid false positives
📖 Common Use Cases
Setting Up a New Project
- Create
.env file with your configuration
- Create
.env.schema to define validation rules
- Run "EnvGuard: Generate .env.example" to create example file
- Commit
.env.schema and .env.example to git
- Add
.env to .gitignore
Working with Multiple Environments
- Create
.env.development, .env.staging, .env.production
- Use status bar to switch between profiles
- EnvGuard manages active profile and shows indicator
- All validation and scanning works across profiles
Ensuring Configuration Completeness
- Create comprehensive
.env.schema with all required variables
- EnvGuard validates all
.env files against schema
- See missing or invalid variables instantly
- Use diff view to compare environments
Preventing Secret Leaks
- EnvGuard scans automatically for 43+ secret patterns
- Get warnings when secrets are detected
- Verify
.gitignore includes .env files
- Check security score in dashboard
- Generate
.env.example with safe placeholders
🎯 Best Practices
- Always create
.env.schema - Define validation rules for all variables
- Use
.env.example - Commit example file, never commit actual .env
- Add
.env to .gitignore - EnvGuard will remind you if you forget
- Use profiles - Separate configurations for dev/staging/prod
- Review security score - Aim for 80+ security score
- Validate regularly - Run validation before deploying
- Check diffs - Compare environments to ensure consistency
🤝 Contributing
Contributions are welcome! If you'd like to contribute to EnvGuard:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature)
- Commit your changes (
git commit -m 'Add amazing feature')
- Push to the branch (
git push origin feature/amazing-feature)
- Open a Pull Request
Reporting Issues
Found a bug or have a feature request? Please open an issue on GitHub with:
- Clear description of the problem or feature
- Steps to reproduce (for bugs)
- Expected vs actual behavior
- VS Code version and OS
📄 License
MIT License - see LICENSE file for details.
Copyright (c) 2024 EnvGuard Contributors
🌟 Why EnvGuard?
Managing environment variables shouldn't be complicated. EnvGuard provides a complete solution for:
- ✅ Developers - Quick profile switching and real-time validation
- ✅ Teams - Consistent environment configuration across projects
- ✅ DevOps - Security scanning and configuration validation
- ✅ Security - Prevent secret leaks before they happen
📞 Support
Made with ❤️ for the VS Code community
