Autocompletion, in-code secret peeking 🔎, syncing, and more, for your .env files in VSCode. 👑 From the same people who pioneered dotenv.

Overview

dotenv-vscode
Dotenv Official (with Vault) for VSCode Tweet

Official Dotenv. Syntax highlighting, autocompletion, in-code secret peeking, and .env file syncing with Dotenv Vault.

Install Usage How It Works Commands Health Changelog

Dotenv Vault with VSCode securely syncs your .env files across your machines, environments, and team members. Stop sharing .env files over insecure channels like Slack and email - from the same people that pioneered dotenv.

Version

Install

Install using VSCode Command Palette

  1. Go to View -> Command Palette or press Ctrl+Shift+P
  2. Then enter Install Extension
  3. Search for Dotenv
  4. Select Official Dotenv | Vault and click Install

Usage

Usage is similar to git. Run CMD+Shift+P (or Ctrl+Shift+P) and start typing dotenv.

dotenv new

Follow those instructions and then run:

dotenv login

Then run push and pull

dotenv push
dotenv pull

See it in action:

How It Works

Dotenv Vault holds your secrets in a secure and sophisticated way. Here's how it works.

How dotenv-vault works

Security Specifications

  • The Dotenv Vault is a separate datastore from the application database. This way if an attacker gains access to the application database they do not gain access to the vault datastore.
  • The Dotenv Vault datastore is not accessible via the internet and all external connections are prevented. This way an attacker can not remotely access the Dotenv Vault datastore.
  • Encrypted clients are required and these clients have to go through the application - which has its own layers of encryption.
  • There are stricter TLS requirements for connecting to the Dotenv Vault datastore. TLS 1.0 cannot be used to connect.
  • The secrets stored in the Dotenv Vault are not just encrypted at the datastore level. They are also encrypted at each VALUE. This way even if an attacker gains access to the datastore they could not make sense of the encrypted values.
  • The VAULT does NOT store the KEY. It ONLY stores the VALUE. The KEY is stored in the application database and a shared pointer (in both datastores) allows them to be identified as a pair. This way an attacker must gain access to both the application database and the Dotenv Vault datastore to make sense of the values.
  • The encryption key(s) used to encrypt the secret values are rotated on an unpublished schedule. This way an attacker might gain access to an old encryption key but not the most recent - foiling their ability to decrypt the secret values.
  • Encryption uses AES-GCM encryption. It is a well-studied, NIST recommended, and IEFT standard algorithim.
  • As you see, we go to great lengths to make sure your secrets are safe. Afterall, we keep our secrets here as well.

We hope you like Dotenv Vault as much as we do.

Visit dotenv.org/docs to learn more.

Commands

dotenv new       Create your project
dotenv login     Log in to dotenv-vault
dotenv logout    Log out
dotenv open      Open project page
dotenv push      Push .env securely
dotenv pull      Pull .env securely
dotenv versions  List version history
dotenv whoami    Display the current logged in user
dotenv status    Check dotenv-vault operational status

Visit dotenv.org/docs for details per command.

Health






Visit health.dotenv.org for more information.

CHANGELOG

See CHANGELOG

Acknowledgements

Comments
  • Wrong syntax highlighting in .env.* files

    Wrong syntax highlighting in .env.* files

    Syntax highlighting in the original .env file is OK. But if you append different environment names to it, e.g. .env.production, .env.development, or .env.example - it isn't correct.

    CleanShot 2022-11-03 at 16 06 21@2x

    opened by danulqua 13
  • Linux vscode: Link for toggling auto-cloaking doesn't show

    Linux vscode: Link for toggling auto-cloaking doesn't show

    Was working and found that on Linux vscode I'm not seeing the link in the .env file to toggle autocloaking that I see when I'm working on .env files on my Mac. I'm able to disable/enable autocloaking fine through command palette but might be good to look into this, or maybe also roll that toggle in to the .env sidebar item if possible

    Linux vscode image for reference

    opened by ConnorJennison 6
  • Extension failed on macOS

    Extension failed on macOS

    macOS Monterey: 12.5.1 VSCode: Version: 1.71.2 (Universal) Extension: dotenv.dotenv-vscode v0.9.0 Last updated 11/Sep/2022, 07:08:26

    Here's the error from the Extension Host log:

    [2022-09-19 11:28:15.770] [exthost] [error] Activating extension dotenv.dotenv-vscode failed due to an error:
    [2022-09-19 11:28:15.770] [exthost] [error] TypeError: Cannot read properties of undefined (reading 'textMateRules')
        at hideValues (/Users/Dave/.vscode/extensions/dotenv.dotenv-vscode-0.9.0/lib/autocloaking.js:24:24)
        at Object.run (/Users/Dave/.vscode/extensions/dotenv.dotenv-vscode-0.9.0/lib/autocloaking.js:7:5)
        at activate (/Users/Dave/.vscode/extensions/dotenv.dotenv-vscode-0.9.0/extension.js:9:16)
        at Function._callActivateOptional (/Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:97:17649)
        at Function._callActivate (/Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:97:17307)
        at /Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:97:15118
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at E._activate (/Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:85:8224)
        at E._waitForDepsThenActivate (/Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:85:8166)
        at E._initialize (/Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:85:7530)
    

    In my config, I didn't appear to have a setting named textMateRules. (It may not have been mac specific.)

    Workaround

    I was able to get it working by adding this block to my User settings.json and reinstalling the extension

    "editor.tokenColorCustomizations": {
         "textMateRules": []
     }
    
    opened by zaq42 5
  • Ability to disable Auto-cloaking

    Ability to disable Auto-cloaking

    I miss the ability to disable the Auto-cloaking feature. Not everybody who is working with .env files is streaming or has to worry about visually leaked data.

    opened by martin-braun 5
  • Python auto complete and hover & misc improvements

    Python auto complete and hover & misc improvements

    • Added support for Python autocomplete and hover , including tests. (Three different formats)
      • os.environ.get("ENV_VAR")
      • os.getenv("ENV_VAR")
      • os.environ["ENV_VAR"]
    • Also ensured for hovering it works with single quotes as well
    • Fixed small bug with javascript hover regex. Periods were not escaped so they were treated as any character. They are now escaped so will only match to the period character
    • Added support for single quotes for ruby hover.

    https://github.com/dotenv-org/dotenv-vscode/issues/13 https://github.com/dotenv-org/dotenv-vscode/issues/14

    opened by ConnorJennison 3
  • Move env completionItems to top of list

    Move env completionItems to top of list

    I noticed this while I was looking at how the completion items work to get ready to add support to ruby. When I typed process.env. there was a bunch of typescript language feature suggestions that showed up first and the env vars were all the way at the bottom. I did some research and was able to make some changes to the completionItems so that the env vars should now always show up at the beginning of the list. See the provided video below for example.

    moveCompletionItemsToTop.webm

    opened by ConnorJennison 1
  • Finish ruby hovering

    Finish ruby hovering

    • Add back accidentally deleted line.
    • Update readme to include ruby hovering
    • Ruby hovering tests

    https://github.com/dotenv-org/dotenv-vscode/issues/12

    opened by ConnorJennison 1
  • Add ENV hover support for ruby

    Add ENV hover support for ruby

    Adds ENV hovering support for ruby. Hover over the a ENV["MYVAR"] statement to see the variable value without having to open your .env file.

    https://github.com/dotenv-org/dotenv-vscode/issues/12

    opened by ConnorJennison 1
  • Do not treat IP addresses as numbers

    Do not treat IP addresses as numbers

    Single or double quotes are optional in most cases, such as when using IP addresses. Unfortunately, the extension thinks the IP address is a number when no quotes are surrounded:

    Screen Shot 2022-09-04 at 11 30 48 PM
    opened by martin-braun 1
  • pointing to dotenv-vault@1.12.0 but this version is not published yet

    pointing to [email protected] but this version is not published yet

    Unable to create a new vault / project, or login from the extension sidebar because apparently it is using dotenv-vault version 1.12.0 which does not exist at this point.

    Latest published version of dotenv-vault is 1.11.2 - changelog

    Screenshot 2022-09-02 204045

    opened by mateeni-dev 1
  • error when opening env files

    error when opening env files

    might be related https://github.com/dotenv-org/dotenv-vscode/issues/69

    [Extension Host] TypeError: Cannot read properties of undefined (reading 'uri')
        at /Users/ctf0/.vscode-insiders/extensions/dotenv.dotenv-vscode-0.19.0/lib/autocloaking.js:92:55
        at Array.filter (<anonymous>)
        at /Users/ctf0/.vscode-insiders/extensions/dotenv.dotenv-vscode-0.19.0/lib/autocloaking.js:90:57
        at d.invoke (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:145)
        at w.deliver (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:2029)
        at g.fire (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:1667)
        at /Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:96:9579
        at d.invoke (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:145)
        at w.deliver (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:2029)
        at g.fire (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:1667)
        at w.acceptDocumentsAndEditorsDelta (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:96:13717)
        at w.$acceptDocumentsAndEditorsDelta (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:96:12158)
        at u.O (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:104:11207)
        at u.N (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:104:10925)
        at u.I (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:104:10018)
        at u.H (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:104:8999)
        at /Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:104:7787
        at d.invoke (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:145)
        at w.deliver (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:2029)
        at g.fire (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:1667)
        at fire (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:72:14313)
        at /Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:120:15788
        at d.invoke (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:145)
        at w.deliver (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:2029)
        at g.fire (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:63:1667)
        at fire (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:72:14313)
        at MessagePortMain.<anonymous> (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:120:13944)
        at MessagePortMain.emit (node:events:526:28)
        at Object.MessagePortMain._internalPort.emit (node:electron/js2c/utility_init:5:364) (at console.<anonymous> (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:94:136281))
    
    Version: 1.74.0-insider
    Commit: 1b1e2a2c5794df1f475976062c754651827634a9
    Date: 2022-11-18T05:24:51.315Z
    Electron: 19.1.3
    Chromium: 102.0.5005.167
    Node.js: 16.14.2
    V8: 10.2.154.15-electron.0
    OS: Darwin arm64 21.6.0
    Sandboxed: Yes
    
    opened by ctf0 0
  • .env file configuring to use properties langauge

    .env file configuring to use properties langauge

    For some reason files named exactly .env are auto-configuring to use the properties language instead of dotenv for syntax highlighting. Making this issue to be able to track this.

    opened by ConnorJennison 0
  • Toggling Autocloaking causing workplace settings to change

    Toggling Autocloaking causing workplace settings to change

    Autocloaking is great, but when I configure it in my User Settings then toggle it in my editor it always updates the Workplace Settings instead. We check our Workplace Settings into our repo and would prefer not to have this change show up when creating PRs.

    opened by DannyDelott 2
  • add option to cloak/hide auto-suggestions

    add option to cloak/hide auto-suggestions

    First: 👏👏👏

    This extension is fantastic. Thank you so much 🙏

    The cloak mode is also a great option. However it's kinda problematic that it shows the values when auto-completing:

    Screenshot 2022-11-08 at 09 06 10

    I would love if it was doing something in between like development becomes *...*nt.

    export function hideString(str: string | undefined) {
      if (!str) return typeof str
      const hideChars = str.length > 8 ? 2 : 1
      const re = new RegExp(`.*(?=.{${hideChars}}$)`, 'i')
    
      return str.replace(re, '*...*')
    }
    
    opened by Norfeldt 1
  • VSCode create new file: JavaScript language switches to .env

    VSCode create new file: JavaScript language switches to .env

    When you create new file, choose language as JavaScript - it ignores it and for some reason set the language to .env. Below are the screenshots with the steps to reproduce.

    Create new file

    CleanShot 2022-11-03 at 00 26 47@2x

    Click Select a language and find JavaScript

    CleanShot 2022-11-03 at 00 27 04@2x

    Click on JavaScript to select and find out that instead of JavaScript the .env was selected

    CleanShot 2022-11-03 at 00 27 18@2x

    It breaks syntax highlighting everywhere. You can switch to JavaScript if you've already pasted JS code here, but syntax highlighting will be broken. It gets fixed after the "reload window" command. Very weird tho, I hope it will be fixed.

    opened by danulqua 3
  • Jupyter Notebook python cell format issue

    Jupyter Notebook python cell format issue

    image

    When installed and edited a jupyter notebook will change the python format to .env its only the formating as the language and the cell still run fine. but all the python auto completion and formating gets striped.

    Expected to not interfere with formatting or auto complete. like how it is not installed:

    image

    opened by Theakayuki 2
Owner
Dotenv
🔐💛 The worldwide standard for securing environment variables.
Dotenv
Grupprojekt för kurserna 'Javascript med Ramverk' och 'Agil Utveckling'

JavaScript-med-Ramverk-Laboration-3 Grupprojektet för kurserna Javascript med Ramverk och Agil Utveckling. Utvecklingsguide För information om hur utv

Svante Jonsson IT-Högskolan 3 May 18, 2022
Hemsida för personer i Sverige som kan och vill erbjuda boende till människor på flykt

Getting Started with Create React App This project was bootstrapped with Create React App. Available Scripts In the project directory, you can run: np

null 4 May 3, 2022
Kurs-repo för kursen Webbserver och Databaser

Webbserver och databaser This repository is meant for CME students to access exercises and codealongs that happen throughout the course. I hope you wi

null 14 Jan 3, 2023
Generate deterministic fake values: The same input will always generate the same fake-output.

import { copycat } from '@snaplet/copycat' copycat.email('foo') // => '[email protected]' copycat.email('bar') // => 'Thurman.Schowalter668@

Snaplet 201 Dec 30, 2022
This tool allows you to test your chains.json file to see if your chains are available, syncing, or in sync.

Chains Tester This tool allows you to test your chains.json file to see if your chains are available, syncing, or in sync. This is an open source tool

Jorge S. Cuesta 9 Nov 4, 2022
Jaime Gómez-Obregón 119 Dec 24, 2022
IndexedDB with usability and remote syncing

IndexedDB with usability and remote syncing This is a fork of the awesome idb library, which adds the ability to sync an IndexedDB database with a rem

Damien Arrachequesne 8 Dec 14, 2022
Infisical — Sync your .env securely in seconds.

Infisical Infisical is a simple, end-to-end encrypted secrets manager for your .env files. It enables teams to securely sync and manage .env files in

null 2.7k Jan 4, 2023
This Next.js app is designed to be used with the Figment Learn Pathways, to help developers learn about various blockchain protocols such as Solana, NEAR, Secret, Polygon and Polkadot!

???? What is learn-web3-dapp? We made this decentralized application (dApp) to help developers learn about Web 3 protocols. It's a Next.js app that us

t0nto 8 Oct 1, 2022
Multiple `.env` file supported.

Features Support multiple .env files and keep the inheritance Priority: local > not unassigned local mode > not unassigned mode e.g. .env.{{mode}}.loc

Tianyu Li 67 Oct 31, 2022
A private chatroom for discussing secret stuff.

?? Socket.IO IRC A private chatroom for discussing secret stuff. The Problem Almost all chatapps nowadays aren't safe enough for private communication

Melvin Chia 6 Aug 16, 2022
A password management tool(secret-mission)

Secret-Mission是一个密码管理桌面应用,使用Electron和React编写,所有密码数据均保存在本地,使用二进制文件存储,账户密码和用户密码均使用加密处理,使用简单、安全、快捷,使用前请仔细阅读使用说明。 开发要求 Node.js ^14.18.1 版本开发 NPM ^6.14.15

qiangck 3 May 22, 2022
Loads environment variables from .env for nodejs projects.

dotenv Written in typescript, full testing. It can loads environment variables from a .env file into process.env or parse <key>=<value> string Install

Berlin 102 Sep 23, 2022
🔑 Loads environment variables from .env for nodejs projects with safe

env-safe env-safe is module that loads that loads environment variables from a .env file into process.env with type-safe. And can also validate the ty

Creatrip 9 Dec 28, 2022
Web client with support for secret chats. Made as a temporary solution

Arcanugram – Unofficial Telegram Web App with support for secret chats ⚠️ Made as a temporary solution for use on devices that do not have any clients

null 12 Sep 19, 2022
Tool to sign data with a Cardano-Secret-Key // verify data with a Cardano-Public-Key // generate CIP-8 & CIP-36 data

Tool to sign data with a Cardano-Secret-Key // verify data with a Cardano-Public-Key // generate CIP-8 & CIP-36 data

Martin Lang 11 Dec 21, 2022
Feel free to create new file, don't hesitate to pull your code, the most important thing is that the file name here must match your nickname so that file does not conflict with other people.

Hacktoberfest Indonesia Apa Itu Hacktoberfest ? Hacktoberfest adalah acara tahunan yang bertujuan untuk mendorong berkontribusi kedalam ekosistem open

Juan Daniel 5 Dec 15, 2022
✨ A cli can automatically export files of the same type

auto-export A cli can automatically export files Why When you want to export many files of the same type in one folder, you may cost a lot of time to

Frozen FIsh 22 Aug 11, 2022
Find duplicate object values of your JSON files (VSCode Extension)

JASON Lint VS Code Extension Make your life easier, use this extension to defeat the horror of duplicate values from your JSON files. Very useful when

Leonardo Pizzoquero 3 Oct 20, 2022