Your .env files. No new tools required.
Your .env files,
under control.
You already use .env files. Dotvault gives you a proper editor, version history, and diff tooling for them. No accounts, no CLIs, and your secrets don't go anywhere.
Why Dotvault
No new tools. No new workflow. Just less pain.
Zero setup
No account required
No cloud account, no CLI to install, no third-party service to depend on. Buy a licence, open the app, point it at a project folder. Done.
Local-first
Your files stay yours
Secrets never leave your machine. No cloud sync, no third-party storage, no trust required. Encrypted on disk via your macOS Keychain.
Existing workflow
Works with what you already have
.env files are already how you manage configuration. Dotvault doesn't ask you to change that. It just makes the whole thing considerably less painful.
Features
Everything you actually need to manage .env files.
For developers juggling multiple projects, environments, and secrets every day.
Visual editor
Edit variables in a structured view with sections, comments, and inline annotations. No more squinting at raw text files.
Framework detection
Auto-detects 111+ frameworks and packages across npm, Composer, pip, and gems. Annotates variables with descriptions and required flags.
Diff view
Compare any two environment files side-by-side. See what changed, what's missing, and sync keys between files.
Version history
Every save creates an encrypted snapshot. Browse, compare, and restore any previous version of your env files.
Git integration
Commit history, multi-file staging, inline blame, and diff view. Stage, unstage, and commit env files without leaving the app.
Env sync
Auto-prompts to sync new keys to .env.example on save. Choose keys-only or keys+values, with per-key control.
Search everywhere
Filter variables in the editor, or press ⌘K to search across all projects and files instantly.
Native macOS app
Signed and notarised by Apple. Auto-updates keep you current. Remembers your window size and position.
Templates
Create new .env files from scratch or from a framework template. Uses .env.example as a basis when available.
Smart warnings
Detects duplicate keys, validates value types, and flags exposed secrets in git-tracked files. Catches mistakes before they cause bugs.
Multi-file compare
See every variable across all your .env files in one matrix. Filter by differences or missing keys, copy values, and spot inconsistencies instantly.
App lock
Lock the app with Touch ID or your macOS password after a configurable inactivity timeout. Protects your secrets when you step away.
Diff & sync
Never miss a key again.
Compare environment files side-by-side. When you save, Dotvault checks if .env.example is out of sync and prompts you to update it.
- Side-by-side diff between any two env files
- Auto-sync prompt on save when keys are missing
- Choose keys-only (safe for git) or keys+values
- Per-key or bulk sync actions
Laravel encrypted env
Edit .env.encrypted like a normal file.
Laravel ships php artisan env:encrypt for production
secrets, and you'd normally bounce between the CLI and a password manager every time you
need to look at one. Dotvault edits encrypted env files directly — no PHP, no artisan,
no decrypt-edit-re-encrypt dance.
-
Open existing
.env.encryptedfiles — paste the key once, stored in your macOS Keychain - Encrypt a plaintext file with one click — Dotvault generates the key for you
- Two-checkbox safety gate so you can never lose a generated key by accident
- Rotate keys, convert between Standard and Readable formats in place
-
Post-encrypt git cleanup: untrack the plaintext, add to
.gitignore, stage the encrypted file - Smart detection — files that look encrypted but aren't open as plaintext, no phantom prompts
Ecosystem
Works with your stack.
Dotvault detects frameworks and packages from your project files and annotates variables with descriptions, required flags, and links to docs.
and 90+ more across npm, Composer, pip, and gems
Security
Your secrets stay on your machine.
Most tools that manage secrets need to store them somewhere. A cloud account, a synced vault, a third-party server. Dotvault doesn't. Everything stays in your project folder, encrypted with AES-256-GCM, keys stored in your macOS Keychain. No account to compromise. No server to breach.
AES-256-GCM encryption
Every snapshot is encrypted at rest. Each gets a unique initialisation vector.
Keychain storage
Your encryption key is stored in the macOS Keychain and never leaves your machine.
Fully offline
No cloud sync, no accounts. The app works entirely offline after install. Optional anonymous usage telemetry is opt-in and off by default — see what we collect.
Requirements
Runs on your Mac.
Download, open, work. No accounts, no setup.
macOS
12 Monterey or later
Architecture
Apple Silicon & Intel
Account
None — one-time licence
Pricing
Simple, honest pricing.
One price. One purchase. Yours to keep.
Launch pricing
One-time purchase
£29
Regular price £39 after launch
2 machines · no subscription · free 14-day trial
- Unlimited projects and
.envfiles - Visual diff and version history
- Encrypted file support (Laravel format)
- Framework templates and
.env.examplesync - Free updates for life
FAQ
Common questions.
Quick answers for the things people ask most.
What file formats are supported?
Standard .env files: anything named .env or starting with .env (e.g., .env.local, .env.production). Each line should be KEY=value format. Comments and blank lines are preserved.
Are my secrets safe?
Yes. Snapshots are encrypted with AES-256-GCM. The encryption key is stored in your macOS Keychain. Your .env file contents, variable names, and values never leave your machine. Optional anonymous usage telemetry (off by default) only sends feature usage signals — never keys, values, or file contents. See our privacy policy.
Do I need an account or anything extra?
No. Dotvault is a standalone macOS app with a one-time licence key. No cloud account to create, no CLI to install, no ongoing service to depend on. Enter your key, point it at a project folder, and you're working.
How do snapshots work?
Every time you save a file, Dotvault creates an encrypted snapshot. You can browse, compare, and restore any previous version from the History tab. An initial snapshot is captured automatically the first time you open a file.
Do I need PHP for encrypted env files?
No. Dotvault implements Laravel's AES-256-CBC encryption natively in Node.js. You can open, edit, create, rotate keys, and convert formats — all without PHP or artisan commands. After encrypting a file, Dotvault walks you through cleaning up git state so the plaintext never ends up committed by accident.
How does framework detection work?
Dotvault scans your project's package.json, composer.json, Gemfile, requirements.txt, and pyproject.toml to identify frameworks and packages. Over 110 are recognised across npm, Composer, pip, and gem ecosystems.
What does .env.example sync do?
After saving a .env file, Dotvault checks if any keys are missing from .env.example. You get a prompt to selectively add them: keys-only (safe for git) or keys+values.
What keyboard shortcuts are available?
Cmd+S to save, Cmd+Z to undo, Cmd+Shift+Z to redo, Cmd+K for cross-project search. Open Help → Keyboard Shortcuts for the full list.
Can I open a project in my terminal or editor?
Yes. Right-click any project in the sidebar for Open in Finder, Terminal, or Editor. Set your preferred apps in Settings.
Download
Download Dotvault
Free 14-day trial. macOS only. No account required.
Not sure? Apple menu → About This Mac → Chip