DEV Community

freerave

Stop Sharing .env Files on Slack: Introducing Multi-User Encryption for VS Code

The Problem: "Hey, can you send me the API key?"
We've all been there. A new developer joins the team. They clone the repo, run npm install, try to start the server, and... crash. Missing environment variables.

So, what happens next? Usually, someone copies the .env file contents and pastes them into Slack, Teams, or WhatsApp. This is a security nightmare.

I built DotEnvy to solve this. And with the release of v1.3.0, I'm introducing a feature usually reserved for enterprise cloud providers: Multi-User Key Wrapping (Envelope Encryption), right inside VS Code.

What's New in v1.3.0?
This update is a massive leap forward for team security. It transforms DotEnvy from a personal environment manager into a team collaboration tool.

  1. πŸ›‘οΈ Enterprise-Grade Envelope Encryption The core of this update is the complete implementation of envelope encryption. This allows secure multi-user access to environment secrets without ever sharing a master password.

How it works:

No Shared Secrets: Each developer has unique credentials. You never have to text a password to a teammate again.

Key Wrapping: The Project Key (which decrypts the variables) is "wrapped" (encrypted) with AES-256-GCM using each user's individual password.

Zero-Knowledge: Project keys never exist in plaintext outside of encrypted memory.

2. 👥 Full User Management System
You can now manage your team's access directly from the extension:

Init Secure Project: Sets up an admin user and establishes the encrypted project foundation.

Add User: Invite team members by creating individual password-based access envelopes for them.

Revoke User: Instantly remove access. Because of the envelope architecture, this provides Forward Secrecy: revoked users lose access instantly without needing to rotate passwords for the whole team.

Git Audit Trail: All user management operations are tracked in version control, providing complete non-repudiation.

3. 🔒 Granular Variable Control
Security shouldn't be all-or-nothing.

Lock/Unlock Toggle: You can now interactively toggle 🔒/🔓 icons on specific variables.

Real-Time Encryption: Encrypt or decrypt specific variables instantly with visual feedback.

  1. πŸ” OWASP 2025 Compliance Security tools need to stay ahead of the curve. This release updates all cryptographic parameters to meet modern standards:

PBKDF2: We increased iterations to 310,000 with 256-bit salts.

AES-256-GCM: We use authenticated encryption with 12-byte IVs and 16-byte auth tags.

5. 📊 Better UX & "Fail-Fast" Validation
I wanted the experience to be smooth, not just secure.

Fail-Fast Validation: The system checks username availability early to prevent wasted input.

Progress Indicators: Professional loading bars for encryption and user management operations.

Professional Changelog: You'll now get automatic "What's New" notifications with a native VS Code markdown preview.
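
The key wrapping described under "How it works", using the PBKDF2 and AES-256-GCM parameters listed under OWASP 2025 Compliance, as an added Node.js example. It is not DotEnvy's own code: the function names, the envelope layout, the SHA-256 PBKDF2 digest and the username-as-AAD binding are assumptions.

```javascript
// Added illustration: envelope encryption with the parameters quoted in the post.
// Not DotEnvy's source; function names and the envelope layout are assumptions.
const crypto = require('crypto');

const ITERATIONS = 310000; // PBKDF2 iterations (from the post)
const SALT_LEN = 32;       // 256-bit salt (from the post)
const IV_LEN = 12;         // GCM IV length (from the post)
const DIGEST = 'sha256';   // assumption: the post does not name the PBKDF2 hash

// AES-256-GCM encrypt; returns iv, ciphertext and the 16-byte auth tag.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(IV_LEN);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// AES-256-GCM decrypt; throws if key, AAD, ciphertext or tag do not match.
function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv, { authTagLength: 16 });
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Wrap the project key for one user under a key derived from their password.
// The username is bound as AAD so an envelope cannot be relabelled for another user.
function wrapFor(user, password, projectKey) {
  const salt = crypto.randomBytes(SALT_LEN);
  const kek = crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, DIGEST);
  return { user, salt, ...seal(kek, projectKey, Buffer.from(user)) };
}

function unwrap(env, password) {
  const kek = crypto.pbkdf2Sync(password, env.salt, ITERATIONS, 32, DIGEST);
  return open(kek, env, Buffer.from(env.user));
}

// Constructed demo: one project key, two envelopes, one encrypted variable.
function demo() {
  const projectKey = crypto.randomBytes(32);
  const envelopes = [wrapFor('alice', 'alice-pass (constructed)', projectKey),
                     wrapFor('bob', 'bob-pass (constructed)', projectKey)];
  const secret = seal(projectKey, Buffer.from('API_KEY=example-value'), Buffer.from('API_KEY'));
  const asBob = unwrap(envelopes[1], 'bob-pass (constructed)');
  return open(asBob, secret, Buffer.from('API_KEY')).toString();
}
```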

Why I Built This
I wanted a way to manage secrets that felt like GitOps. I didn't want to leave VS Code to manage permissions in a third-party dashboard. I wanted to git pull, type my password, and have my environment ready.

With DotEnvy 1.3.0, we are one step closer to that reality.

Try it out!
Download on Marketplace: [https://marketplace.visualstudio.com/items?itemName=FreeRave.dotenvy]

Star on GitHub: [https://github.com/kareem2099/dotenvy]

Let me know what you think in the comments! 👇