Skip to content
| Marketplace
Sign in
Visual Studio Code>SCM Providers>Avora SecretsNew to Visual Studio Code? Get it now.
Avora Secrets

Avora Secrets

secrets

|
1 install
| (0) | Free
Pull / push / sync your project .env files with your team, Git-style — per environment (local/staging/production), with live updates.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

Avora Secrets

A VS Code extension that syncs project .env files between collaborators through your Avora dashboard — Git-style pull / push / sync, but for secrets, and routed through your dashboard instead of git.

Backend moved into the PMS. Env Sync is now a first-class Avora App Store app: the backend lives in the FastAPI PMS (be/app/.../envsync.py) and is managed at Dashboard → Workspace → App Store → Env Sync. The extension authenticates with an Avora Personal Access Token (generated on that page) and talks to /(api/v1)/envsync/.... The Django backend/ is the original reference implementation — deprecated, kept for history, not deployed.

VS Code Extension                     PMPS Dashboard (source of truth)
─────────────────                     ────────────────────────────────
1. Sign in (reuse dashboard token)
2. See your projects + collaborators
3. Pull   ◀──────────  writes the project .env to a local file
4. Edit .env  →  row flips to "local changes • push"
5. Push   ──────────▶  saves a new version on the dashboard
6. Sync   ◀────────▶  reconciles your changes with collaborators'

⚠️ .env files hold secrets. They sync through the backend, never through git. The extension auto-adds the linked file to .gitignore, the backend encrypts every value at rest, and only project members can pull/push.

Repo layout

  • src/ — the VS Code extension (TypeScript). Build with npm run build.
  • backend/ — deprecated Django reference app (envsync), superseded by the FastAPI module in the PMS (be). See backend/README.md for the original design.

Run the extension (dev)

npm install
npm run build      # or: npm run watch

Fastest path: start the test server (backend/README.md), then in VS Code pick the “Run Extension (auto-connect to test server)” launch config and press F5. It opens a sample workspace and auto-fills the dashboard URL + a dev token (from .vscode/launch.json) — no manual sign-in. Your projects appear immediately in the PMPS Env Sync view with inline pull / push / sync icons.

To connect to your own backend instead, use “Run Extension (clean)” then:

  1. PMPS: Set Dashboard URL → your backend base URL.
  2. PMPS: Sign In → paste your dashboard access token.

Environments (env folders)

A project can have multiple environments — e.g. ranking-be → local, staging, production from its env/ folder. The tree shows project → environment rows → Collaborators, and pull/push/sync act per environment. Map each environment to its file via pmps.envFileMap in the workspace settings, e.g. "ranking-be/staging": "ranking-be/env/staging.env". Projects with a single file just use one default environment.

How sync state is shown

Row badge Meaning Action shown
synced ✓ local == last pull == dashboard sync
local changes • push you edited .env push
update available • pull a collaborator pushed pull
diverged ⚠ both changed sync (last-write-wins, both kept in history)
not linked no local file bound yet pull

A file watcher flips a project to push the moment you edit its .env. Live updates arrive over a WebSocket — a dashboard/collaborator push pulls into your clean local file instantly (if you have unsaved edits, it warns you to Sync). A poll (default 60s, pmps.autoRefreshSeconds) is the fallback when the socket is down.

Settings

  • pmps.serverUrl — dashboard base URL.
  • pmps.autoRefreshSeconds — poll interval (0 disables).
  • pmps.envFileName — default file name a pulled env is written to (.env).

Conflict handling

Each push declares the version it was based on. If the dashboard moved ahead, the backend returns 409 and the extension offers: keep mine (push over), take remote, or open a diff. Nothing is lost — every version stays in history.

Roadmap (next)

Per-key diff/merge for conflicts, named environments (dev/staging/prod), audit log view, and one-click rollback to a prior version. (Live WebSocket sync is already built — see above.)

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft