The problem
Last year I nearly committed a Stripe live key to a public repo.
Caught it manually at the last second. But it made me think —
why doesn't VS Code warn me about this automatically?
So I built EnvGuard.
What it does
EnvGuard is a free VS Code extension that adds 6 things your
.env files have always needed:
- 🔐 Secret Scanner — detects 30+ patterns (AWS keys, GitHub tokens, Stripe keys, JWT tokens) with red underlines before you commit
- ✅ Schema Validation — define a .env.schema file, get instant errors for missing/wrong keys
- 🔄 Environment Switcher — save dev/staging/prod profiles, switch with one click
- 🔍 Diff Viewer — compare any two .env files side by side
- 📋 Example Generator — auto-generate .env.example from your real .env
- 🖥️ Dashboard — visual overview of all keys, security score, profiles
How the secret scanner works
Add this to your .env:
JWT_SECRET=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
EnvGuard immediately shows a red wavy underline and adds to
Problems panel: "Potential JWT Token detected — remove before committing"
Works for 30+ secret types including AWS, GitHub, Stripe, Google,
Slack, SendGrid, Firebase, and more.
The schema format
Create a .env.schema file:
DATABASE_URL=required|url|description:PostgreSQL connection string
PORT=required|number|default:3000
NODE_ENV=required|enum:development,staging,production
API_KEY=required|string|secret:true
DEBUG=optional|boolean|default:false
EnvGuard validates your .env against this in real time.
Install free
VS Code Marketplace:
https://marketplace.visualstudio.com/items?itemName=GayathriS.envguard-pro
GitHub (open source):
https://github.com/GayathriCodes2/EnvGuard.Extenstion
Honest request
This is my first published VS Code extension. If you try it
and find bugs, please open an issue on GitHub — I respond fast.
If it's useful, a ⭐ on GitHub genuinely helps.
Top comments (0)