EnvForge is the environment variable manager built to protect secrets FROM AI coding agents. 28 safety tools. Zero cloud dependency. One CLI + a Language Server that lights up VS Code and IntelliJ with an AI-exposure heatmap, fence shield, and canary tripwire glyphs.
Works with
Five commands. Full protection for Cursor, Copilot, and Claude Code.
# 1. Block AI tools from reading secrets $ envforge fence Created .envforgeignore Created .cursorignore Created .claude/settings.json # 2. Give AI context without values $ envforge schema emit-ai --infer --output .env.ai.md AI context written to .env.ai.md (42 variables) # 3. Install pre-commit hook + AI guard $ envforge scan --install-hook Pre-commit hook installed $ envforge ai-hook install claude-code Hooks installed: PreToolUse + PostToolUse # 4. Scan and harden AI tool configs $ envforge scan --mcp 2 credential(s) found in MCP configs $ envforge mcp harden 2 secrets replaced with ${VAR} references
EnvForge ships a Language Server and first-party VS Code + IntelliJ plugins so the AI-safety story is visible where you write code — not buried in a CLI.
AI BLOCKED / AI ALLOWED), and a volatile-lease countdown with sub-minute precision and color escalation.process.env.X, os.environ["X"], std::env::var("X") in TS / JS / Python / Rust / Go / Java / Kotlin / Ruby / PHP / C# / Shell and land on the schema entry..cursor/mcp.json, .claude/settings.json, and friends..env from schema, use secret reference — one keystroke each.Both plugins are thin clients over envforge lsp. Same backend, byte-identical classification, contract-locked parity.
Six security layers. From prevention to governance.
| Layer | Tool | Command | What it does |
|---|---|---|---|
| Prevention | Secret Fence | envforge fence | Ignore rules for Cursor, Copilot, Claude Code |
| Prevention | Pre-Commit Hook | envforge scan --install-hook | Block commits containing secrets |
| Prevention | 3-Stage AI Guard | envforge ai-guard | Pre-tool + post-tool scanning |
| Prevention | AI Hooks | envforge ai-hook install | Security hooks in Claude Code & Cursor |
| Prevention | File Alerts | built-in | Warn on .env, .pem, .ssh/ access |
| Runtime | Volatile Mode | envforge run --volatile | Secrets in memory only — never on disk |
| Runtime | Log Redaction | envforge run --redact | Mask secrets in subprocess output |
| Runtime | Credential Proxy | envforge proxy | HTTP API with allowlist + audit |
| Runtime | Session Leases | envforge lease create | Time-bounded secret access |
| Runtime | Killswitch | envforge revoke --all | Instantly revoke all access |
| Context | AI-Safe Schema | envforge schema emit-ai | Types & names without values |
| Context | Safe Export | envforge export --safe | Redacted [REDACTED] values |
| Context | Ignore File | .envforgeignore | Mark files AI tools should skip |
| Remediation | MCP Scan | envforge scan --mcp | Find creds in AI tool configs |
| Remediation | MCP Harden | envforge mcp harden | Auto-replace with ${VAR} refs |
| Remediation | Prompt Sanitizer | envforge sanitize | Strip secrets from any file |
| Detection | Canary Secrets | envforge canary create | Honeypot credentials — alert on exfiltration |
| Detection | AI Leak Audit | envforge audit --ai-leaks | Scan git for AI-assisted leaks |
| Detection | Access Audit | envforge audit --access | JSONL log of all proxy access |
| Governance | Approval Flow | --require-approval | Human approves each access |
| Governance | Dependency Map | envforge deps KEY | What breaks if this secret rotates? |
| Governance | External Scanner | ENVFORGE_EXTERNAL_SCANNER | Delegate to ggshield 500+ detectors |
A complete environment variable manager with 90+ commands.
Git-based cross-machine sync with age encryption. Selective keys, machine overrides, rollback. Offline-first.
Vault, AWS SSM, 1Password, Doppler, Infisical, GCP, Azure, Bitwarden, Akeyless, Conjur, SOPS, pass/gopass, Keeper. Pull, push, reference.
.env.schema with types, defaults, descriptions. Drift detection. JSON Schema for editor autocomplete. Docs generation.
Vim-style TUI with fuzzy search, grouping, masking. 90+ CLI commands with --json and --dry-run. Shell completions.
dotenv, JSON, YAML, TOML, Docker, Docker Secrets, Kubernetes Secret, Terraform tfvars.
Profiles, snapshots, rotation with propagation, shell auto-load, secure sharing, unified health check.
Secrets in memory. Logs redacted. Leases enforced. Nothing leaks.
# Secrets in memory only + log redaction $ envforge run --volatile --redact -- npm start Volatile mode: secrets resolved in memory only Connecting to [REDACTED:DB_PASSWORD]@host... Server running on port 3000 # Time-bounded access with credential proxy $ envforge lease create --ttl 1h --keys DB_URL,API_KEY Lease created: session-143052 Expires: 2026-04-20T21:00:00Z Keys: DB_URL, API_KEY $ envforge proxy --port 8100 --require-lease Credential proxy on http://127.0.0.1:8100 Lease enforcement: ON # Emergency: revoke all access instantly $ envforge revoke --all KILLSWITCH: 3 lease(s) revoked.
Everything versioned. Everything encrypted. Nothing leaks into your repo.
Age (X25519) encrypted snapshots pushed to any Git remote. Auto-decrypt on pull. Your env vars are ciphertext in the repo — only your machines can read them.
Semantic three-way merge for .env files. Different keys auto-merged. Same key, different values → clean conflict markers. envforge git install-merge-driver
Scan source code and staged files for leaked secrets. Pre-commit hook blocks commits. MCP config scanning for AI tool credentials.
Full change history from sync Git log. SOC2 compliance reports. Chain of custody tracking. Tamper-evident logs with cryptographic integrity verification. envforge audit-trail report --report-type compliance
Plugs into your existing stack. No migration required.
Pull and push secrets from 13 providers. Configure once, use everywhere. URI refs: vault://secret/myapp/DB_URL
HashiCorp Vault · AWS SSM · 1Password · Doppler · Infisical · GCP Secret Manager · Azure Key Vault · Bitwarden · Akeyless · CyberArk Conjur · Mozilla SOPS · pass/gopass · Keeper
Official GitHub Action with 5 modes: validate, secrets-pull, export, run, drift. Works in any CI pipeline via envforge run.
GitHub Actions · GitLab CI · CircleCI · Jenkins · Any CI with shell
direnv-style auto-load. Profile switches without shell restart. Completions for zsh, bash, fish.
eval "$(envforge hook zsh)" · eval "$(envforge hook bash)" · envforge hook fish | source
8 formats. One command. Feed your secrets into any infrastructure tool.
.env · JSON · YAML · TOML · Docker · Docker Secrets · Kubernetes Secret · Terraform tfvars
Built-in LSP server. Diagnostics, hover, completions, go-to-definition in your editor. Variables panel with grouping and profile switching.
VS Code · IntelliJ IDEA · Neovim · Helix · Sublime Text
Every workflow thought through. Every edge case handled.
X-ray view of any key. Source file, line number, profile, schema type, encryption status, sync marking, secret age — all in one command. envforge explain KEY
Guided interactive rotation. Masked input. Auto-resets age. Pushes to provider and sync with --propagate. Bulk rotate stale secrets with --stale.
Backup and restore your entire env state. Diff against previous snapshots. Auto-prune to 20. Safety net before any risky change.
One command runs doctor + validate + scan + age + drift. Fix hints for every failure. --only for selective checks. --json for CI.
Age-encrypted share files. Recipient decrypts with their key. Optional expiry. envforge share create --recipient age1... --all
Dev, staging, prod — switch instantly. Merge multiple profiles: envforge run --profiles dev,staging. Last wins. Compare with profile diff.
The only tool with comprehensive AI safety AND full env management.
| EnvForge | ggshield | dotenvx | Infisical | Doppler | Varlock | |
|---|---|---|---|---|---|---|
| AI safety tools | 22 | 3 | 2 | 1 | 0 | 7 |
| Pre-tool scanning | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
| Canary secrets | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
| Session leases + killswitch | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
| MCP config harden | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
| Volatile mode (no disk) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
| Dependency mapping | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
| Full env management | ✓ | ✕ | ✓ | ✓ | ✓ | ✓ |
| TUI interface | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
| 13 secret providers | ✓ | ✕ | ✕ | ✓ | ✓ | ✓ |
| Encrypted sync | ✓ | ✕ | ✓ | ✓ | ✓ | ✕ |
| Free & open source | ✓ | ✓ | ✓ | Partial | ✕ | ✓ |
| Zero cloud dependency | ✓ | ✕ | ✓ | ✕ | ✕ | ✓ |
Rust 1.75+ required. Linux and macOS.
Or build from source:
git clone https://github.com/emreerinc/envforge && cd envforge && cargo install --path .
Then set up shell completions and man pages:
# Shell completions (auto-install) $ envforge completions zsh --install $ envforge completions bash --install $ envforge completions fish --install # Kiro CLI / Fig / Amazon Q autocomplete $ envforge completions kiro --install $ kiro-cli restart # Built-in man pages $ envforge man # full command index $ envforge man fence # specific command