Or install as standalone binary

October 31, 2025 ยท View on GitHub

Varlock banner


npm package license node compatibility build status discord chat


Varlock

add declarative schema to your .env files using @env-spec decorator comments

  • ๐Ÿ›ก๏ธ validation, coercion, type safety w/ IntelliSense
  • ๐Ÿ” protection for sensitive config values (log redaction, leak prevention)
  • ๐ŸŒ flexible multi-environment management
  • ๐Ÿ’ซ composition of values, functions, load from external sources

Your .env.schema is a declarative schema of your environment variables that lives within version control, so it will never be out of sync.

# @defaultSensitive=false @defaultRequired=infer @currentEnv=$APP_ENV
# ---
# our environment flag, will control automatic loading of `.env.xxx` files
# @type=enum(development, preview, production, test
APP_ENV=development # default value, can override

# API port
# @type=port @example=3000
API_PORT=

# API url including _expansion_ referencing another env var
# @required @type=url
API_URL=http://localhost:${API_PORT}

# API key with validation, securely fetched from 1Password
# @required @sensitive @type=string(startsWith=sk-)
OPENAI_API_KEY=exec('op read "op://api-prod/openai/api-key"')

# Non-secret value, included directly
# @type=url
SOME_SERVICE_API_URL=https://api.someservice.com

Installation

You can get started with varlock by installing the CLI:

# Run the installation wizard, which will install as a dependency in a JavaScript project
npx varlock init

# Or install as standalone binary
brew install dmno-dev/tap/varlock # via homebrew
curl -sSfL https://varlock.dev/install.sh | sh -s # via cURL

# Or use the official Docker image
docker pull ghcr.io/dmno-dev/varlock:latest

See the full installation docs or the Docker guide for more information.

Workflow

Validate your .env.schema and pretty print your environment variables with:

varlock load

If you need to pass resolved env vars into another process, you can run:

varlock run -- python script.py

Or you can integrate more deeply with one of our integrations to enable security guardrails, like log redaction and leak prevention.

@env-spec

Varlock is built on top of @env-spec, a new DSL for attaching a schema and additional functionality to .env files using JSDoc style comments. The @env-spec package contains a parser and info about the spec itself.

Published Packages

PackagePublished listing page
varlocknpm version
@varlock/nextjs-integrationnpm version
@varlock/vite-integrationnpm version
@env-spec/parsernpm version
@env-spec VSCode extensionVSCode Marketplace, Open VSX Registry
varlock Docker imageGitHub Container Registry

MCP Servers

MCP ServerLinkURL
Varlock Docs (HTTP)Installationhttps://docs.mcp.varlock.dev/mcp
Varlock Docs (SSE)Installationhttps://docs.mcp.varlock.dev/sse

Development & Contribution

See CONTRIBUTING.md for more information.