P2P secrets management with post-quantum encryption, directly in VS Code.
The status bar shows your current environment and sync status at a glance:
- Environment name with color coding (green for dev, yellow for staging, red for prod)
- Lock status indicating whether secrets are currently decrypted
- Sync indicator showing peer connection status
- Click to quickly switch environments
Access all features via the command palette (Cmd+Shift+P / Ctrl+Shift+P):
| Command | Description |
|---|---|
envctl: Switch Environment |
Quick picker to switch between environments |
envctl: List Variables |
View variables in current environment (redacted) |
envctl: Copy Variable |
Copy a variable value to clipboard |
envctl: Refresh Status |
Manually refresh sync status |
envctl: Open Terminal with Secrets |
Open integrated terminal with secrets loaded |
envctl: Start Daemon |
Start the envctl daemon if not running |
envctl: Show Logs |
View envctl extension logs |
The ENVCTL panel in the Explorer sidebar shows:
- Current project name
- Available environments (click to switch)
- Daemon and peer connection status
- Lock status and variable count
When opening a new terminal in an envctl project, the extension can:
- Prompt to load secrets for the current environment
- Auto-inject secrets without prompting (configurable)
- Create named terminals showing which environment is loaded
- envctl CLI installed and in PATH
- envctl daemon running (
envctl daemon start) - Project linked to envctl (
envctl project link <name>)
| Setting | Default | Description |
|---|---|---|
envctl.autoInjectTerminal |
false |
Auto-inject secrets into new terminals |
envctl.showStatusBar |
true |
Show/hide status bar item |
envctl.environmentColors |
See below | Color mapping for environments |
envctl.envctlPath |
"" |
Path to envctl binary (empty = find in PATH) |
envctl.pollIntervalMs |
5000 |
Status polling interval in milliseconds |
{
"dev": "#4ade80",
"development": "#4ade80",
"staging": "#facc15",
"stage": "#facc15",
"prod": "#f87171",
"production": "#f87171"
}You can use envctl with VS Code's debugger by setting up a pre-launch task:
{
"version": "2.0.0",
"tasks": [
{
"label": "envctl: use prod",
"type": "shell",
"command": "envctl",
"args": ["env", "use", "prod"],
"problemMatcher": []
}
]
}{
"version": "0.2.0",
"configurations": [
{
"type": "node",
"request": "launch",
"name": "Debug with secrets",
"program": "${workspaceFolder}/src/index.js",
"envFile": "${workspaceFolder}/.env",
"preLaunchTask": "envctl: use prod"
}
]
}- Open a folder containing
.envctl/directory - Extension activates automatically
- Status bar shows current environment (e.g., "envctl: dev")
- If daemon isn't running, you'll see a warning
- Click the status bar item or run
envctl: Switch Environment - Select the desired environment from the quick picker
- Status bar updates to show new environment
- Secrets are decrypted for the new environment
- Run
envctl: Open Terminal with Secrets - A new terminal opens with secrets loaded
- Terminal tab shows which environment is active
- Run your commands with access to all secrets
- Secrets are never stored in plain text by the extension
- All cryptographic operations are handled by the envctl CLI
- Uses ML-KEM-768 (post-quantum) encryption
- Secrets are loaded into terminal environment, not written to disk
MIT