The problem
Last year I nearly committed a Stripe live key to a public repo.
Caught it manually at the last second. But it made me think β
why doesn't VS Code warn me about this automatically?
So I built EnvGuard.
What it does
EnvGuard is a free VS Code extension that adds 6 things your
.env files have always needed:
- π Secret Scanner β detects 30+ patterns (AWS keys, GitHub tokens, Stripe keys, JWT tokens) with red underlines before you commit
- β Schema Validation β define a .env.schema file, get instant errors for missing/wrong keys
- π Environment Switcher β save dev/staging/prod profiles, switch with one click
- π Diff Viewer β compare any two .env files side by side
- π Example Generator β auto-generate .env.example from your real .env
- π₯οΈ Dashboard β visual overview of all keys, security score, profiles
How the secret scanner works
Add this to your .env:
JWT_SECRET=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
EnvGuard immediately shows a red wavy underline and adds to
Problems panel: "Potential JWT Token detected β remove before committing"
Works for 30+ secret types including AWS, GitHub, Stripe, Google,
Slack, SendGrid, Firebase, and more.
The schema format
Create a .env.schema file:
DATABASE_URL=required|url|description:PostgreSQL connection string
PORT=required|number|default:3000
NODE_ENV=required|enum:development,staging,production
API_KEY=required|string|secret:true
DEBUG=optional|boolean|default:false
EnvGuard validates your .env against this in real time.
Install free
VS Code Marketplace:
https://marketplace.visualstudio.com/items?itemName=GayathriS.envguard-pro
GitHub (open source):
https://github.com/GayathriCodes2/EnvGuard.Extenstion
Honest request
This is my first published VS Code extension. If you try it
and find bugs, please open an issue on GitHub β I respond fast.
If it's useful, a β on GitHub genuinely helps.
Top comments (0)