Env Guard

Env Guard is a VS Code extension that blocks accidental pushes of .env files.

Features

• Installs a managed pre-push hook for the active repository.
• Blocks pushes by default when matching env files are part of outgoing commits.
• Shows a VS Code popup when a push is blocked (when VS Code is open for that repo).
• Allows one-time bypass with confirmation using Env Guard: Allow Next Push.
• Warns in VS Code when staged files match sensitive patterns.

Commands

• Env Guard: Scan Staged Files
• Env Guard: Allow Next Push
• Env Guard: Reinstall Hooks

Settings

• envGuard.mode (block or warn, default block)
• envGuard.patterns (default ['.env', '.env.*', '*.env'])
• envGuard.allowlist (user-defined allowlist patterns)
• envGuard.defaultSafeAllowlist (default ['.env.example', '.env.sample', '.env.template'])
• envGuard.installHooks (default true)
• envGuard.showStageWarnings (default true)

Notes

• Enforcement happens in Git pre-push, so terminal pushes are also protected.
• Existing hooks are preserved as pre-push.local when possible.