OpenEnvX VS Code Extension

VS Code extension for OpenEnvX. Enhanced .env management with encryption, smart references, and seamless developer experience.

Secret management directly in VS Code. Navigate, decrypt, edit, and manage your encrypted .env files with intelligent features like monorepo-aware find references, autocompletion, and code lenses.

Unbiased. No vendor lock-in. No accounts. No cloud required.

Made for developers, by developers. Fully open source.

Features

🔐 Encrypted Secret Management

• CodeLens Actions: Decrypt individual secrets or all secrets at once with inline buttons
• Hover Preview: See decrypted values on hover (respects your private key)
• Edit Secrets: Modify encrypted values directly from the CodeLens button in .env files
• Copy Secrets: Quickly copy decrypted values to clipboard

🔍 Smart Navigation

• Find References: Monorepo-aware reference finding across packages and workspaces
• Go to Definition: Jump from code to .env file definitions
• Code-to-Env Navigation: Navigate from JavaScript/TypeScript files to environment variable definitions
• Rename Support: Rename environment variables across your entire workspace

✨ Developer Experience

• Autocompletion: Intelligent autocomplete for environment variables in code
• Visual Decorations: Clear visual indicators for encrypted vs plaintext values
• Secret Scanning: Detect potential secret leaks before they reach git
• CLI Integration: Run scripts with decrypted environment variables directly from VS Code

📦 Package.json Integration

• Script CodeLens: Run npm scripts with OpenEnvX decrypted environment variables
• Quick Actions: Execute commands with proper environment context

Quick Start

Installation

1. Install OpenEnvX CLI (if not already installed):

 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/xmazu/openenvx/main/scripts/install.sh)"

2. Install Extension:

• Open VS Code
• Go to Extensions (Cmd+Shift+X / Ctrl+Shift+X)
• Search for "OpenEnvX"
• Click Install Or install from VSIX:

Setup

1. Initialize OpenEnvX in your workspace:

 openenvx init

2. Add encrypted secrets:

 openenvx set DATABASE_URL
 openenvx set API_KEY

3. Open your .env file in VS Code - the extension activates automatically!

Usage

Decrypting Secrets

Method 1: CodeLens Buttons

• Open a .env file with encrypted values
• Click the "Decrypt" button above any encrypted line
• The value decrypts inline (requires your private key)

Method 2: Command Palette

• Press Cmd+Shift+P / Ctrl+Shift+P
• Run OpenEnvX: Decrypt All Secrets

Finding References

• Right-click on an environment variable → "Find All References"
• Or use Shift+F12

Editing Secrets

1. Open a .env file with encrypted values
2. Click the "Edit" CodeLens button above the encrypted value you want to modify
3. Enter new value in the input box (will be encrypted automatically)

Running Scripts with OpenEnvX

From Package.json:

• Open package.json
• Click the CodeLens button above any script
• Select "Run with OpenEnvX"

From Command Palette:

• Press Cmd+Shift+P / Ctrl+Shift+P
• Run OpenEnvX: Run script with OpenEnvX
• Enter your script command

Scanning for Secrets

Detect potential secret leaks:

1. Press Cmd+Shift+P / Ctrl+Shift+P
2. Run OpenEnvX: Scan for secrets
3. Review diagnostics in the Problems panel

Requirements

• VS Code: Version 1.74.0 or higher
• OpenEnvX CLI: Must be installed and available in PATH (or configured via settings)
• Private Key: Your OpenEnvX private key must be accessible (via ~/.config/openenvx/keys.yaml or OPENENVX_PRIVATE_KEY environment variable)

Security

This extension integrates with OpenEnvX, which uses:

• Envelope Encryption: Each secret encrypted with its own Data Encryption Key (DEK)
• Master Key: Derived from age private key via HMAC-SHA256
• Algorithm: AES-256-GCM with random nonces
• Local-First: All encryption/decryption happens locally on your machine

Important: Your private key is never transmitted or stored by this extension. All decryption operations use the OpenEnvX CLI, which handles key management securely.

FAQ

Q: The extension can't find the OpenEnvX CLI. What should I do?
A: Ensure openenvx is in your PATH, or configure the openenvx.cliPath setting with the full path to the binary.

Q: Can I use this with monorepos?
A: Yes! The extension includes smart scope detection for monorepos (npm workspaces, pnpm, yarn workspaces, etc.) and can find references across packages.

Q: Does this extension store my private key?
A: No. The extension uses the OpenEnvX CLI for all encryption/decryption operations. Your private key is managed by OpenEnvX CLI only.

Q: Can I decrypt secrets without the extension?
A: Yes, use the OpenEnvX CLI directly: openenvx get KEY_NAME or openenvx run -- your-command.

License

MIT License

Related Projects

• OpenEnvX CLI - The command-line tool this extension integrates with

Made with ❤️ for developers who care about security and developer experience.