Discover, catalog, compare, and encrypt every .env file across all your projects. A single pane of glass for all your secrets.
Also available for Windows and Linux ยท <5MB binary
Point it at your project roots. It does the rest.
Register any number of root directories. Recursive scanning finds every project and every env file โ monorepos included.
Parses file names into structured environment tiers. See base, local, development, staging, and production at a glance.
Filesystem events trigger instant updates. Add, remove, or modify an env file and the vault reflects it in under 100ms.
Master password derives a key via Argon2id. All secret values are encrypted at rest in a local SQLite vault.
A matrix view shows which keys exist where. Catch missing variables, empty values, and localhost URLs before they break production.
Fuzzy search across every project, environment, and variable name. Filter by tier, depth, or warning status instantly.
See exactly which variables exist โ or are missing โ across every environment.
| Variable | base | local | staging | production |
|---|---|---|---|---|
| DATABASE_URL | โ | โ | โ | โ |
| API_KEY | โ | โ | โ | โโ missing in staging |
| STRIPE_SECRET | โ | โ | โ | โ |
| DEBUG | โ | โ | โ | โ |
| REDIS_URL | โ | โ | โ | โโ empty value |
Variable names stay in plaintext for instant search and comparison. The actual secret values are encrypted with AES-256-GCM, keyed by your master password through Argon2id.
No network access. No telemetry. No cloud. Your secrets never leave your machine.
โYour secrets deserve a vault, not a text file.โ
Free, open source, and local-first. Download DotVault and stop leaving secrets in plaintext.