Desktop app for macOS

Your .env files,
under control.

Browse, edit, diff, and version your environment files across every project. Secrets never leave your machine.

Coming soon for macOS See features

macOS 12+ · Apple Silicon & Intel

vault
Search... ⌘K
Projects
my-saas-app
Local
.env M loc
Production
.env.production I pro
Example
.env.example exa
New file...
marketing-site
api-gateway
Editor
Diff
Compare
History
Git
.env Clean local
Detected: Vite Laravel Stripe Sentry Redis Resend
Filter: All Required Sources Custom Warnings
Search keys or values...
Variable
General
APP_NAME My App
Laravel * Application name
APP_ENV local
Laravel * Application environment (local/production) default
APP_KEY base64:••••••••••••••••
Laravel * Application encryption key
APP_DEBUG true
Laravel * Debug mode toggle default
APP_TIMEZONE UTC
Laravel Application timezone default
APP_URL https://myapp.test
Laravel * Application base URL
Save Save as... Discard
Export Import Group

Features

Everything you need to manage .env files.

Built for developers who juggle multiple projects, environments, and secrets daily.

Visual editor

Edit variables in a structured view with sections, comments, and inline annotations. No more hunting through raw text files.

Framework detection

Auto-detects 111+ frameworks and packages across npm, Composer, pip, and gems. Annotates variables with descriptions and required flags.

Diff view

Compare any two environment files side-by-side. See what changed, what's missing, and sync keys between files.

Version history

Every save creates an encrypted snapshot. Browse, compare, and restore any previous version of your env files.

Git integration

Commit history, multi-file staging, inline blame, and diff view. Stage, unstage, and commit env files without leaving the app.

Env sync

Auto-prompts to sync new keys to .env.example on save. Choose keys-only or keys+values, with per-key control.

Encrypted env files

Open Laravel .env.encrypted files natively — no PHP needed. Decrypt, edit, and re-encrypt with AES-256-CBC. Keys stored securely in your OS keychain.

Search everywhere

Filter variables in the editor, or press ⌘K to search across all projects and files instantly.

Native macOS app

Built with Electron, signed and notarised by Apple. Auto-updates keep you current. Remembers your window size and position.

Templates

Create new .env files from scratch or from a framework template. Uses .env.example as a basis when available.

Smart warnings

Detects duplicate keys, validates value types, and flags exposed secrets in git-tracked files. Catches mistakes before they cause bugs.

Multi-file compare

See every variable across all your .env files in one matrix. Filter by differences or missing keys, copy values, and spot inconsistencies instantly.

App lock

Lock the app with Touch ID or your macOS password after a configurable inactivity timeout. Protects your secrets when you step away.

Diff & sync

Never miss a key again.

Compare environment files side-by-side. When you save, Dotvault checks if .env.example is out of sync and prompts you to update it.

  • Side-by-side diff between any two env files
  • Auto-sync prompt on save when keys are missing
  • Choose keys-only (safe for git) or keys+values
  • Per-key or bulk sync actions
# Database
DB_HOST=localhost
DB_PORT=5432
- CACHE_TTL=3600
+ CACHE_TTL=7200
+ CACHE_DRIVER=redis
 
# API Keys
STRIPE_KEY=sk_test_•••
+ OPENAI_KEY=

Ecosystem

Works with your stack.

Dotvault detects frameworks and packages from your project files and annotates variables with descriptions, required flags, and links to documentation.

Laravel Next.js Nuxt Rails Django FastAPI Vite Remix Stripe Sentry Prisma Supabase Auth0 Resend OpenAI Clerk Redis Livewire Spatie Filament

and 90+ more across npm, Composer, pip, and gems

Security

Your secrets stay on your machine.

Dotvault is a local-first app. Nothing is sent to the cloud, no accounts required, no telemetry.

🔒

AES-256-GCM encryption

Every snapshot is encrypted at rest. Each gets a unique initialisation vector.

🔑

Keychain storage

Your encryption key is stored in the macOS Keychain via Electron's safeStorage API.

💻

Fully offline

No cloud sync, no accounts, no analytics. The app works entirely offline after install.

FAQ

Common questions.

Quick answers for the things developers ask most.

What file formats are supported?

Standard .env files — files named .env or starting with .env. (e.g., .env.local, .env.production). Each line should be in KEY=value format. Comments and blank lines are preserved.

Are my secrets safe?

Yes. Snapshots are encrypted with AES-256-GCM. The encryption key is stored in your macOS Keychain. Secrets never leave your machine — there is no cloud sync, no accounts, no telemetry.

How do snapshots work?

Every time you save a file, Dotvault creates an encrypted snapshot. You can browse, compare, and restore any previous version from the History tab. An initial snapshot is captured automatically the first time you open a file.

Do I need PHP for encrypted env files?

No. Dotvault implements Laravel's AES-256-CBC encryption natively in Node.js. You can decrypt, edit, and re-encrypt .env.encrypted files without PHP or artisan commands.

How does framework detection work?

Dotvault scans your project's package.json, composer.json, Gemfile, requirements.txt, and pyproject.toml to identify frameworks and packages. Over 110 are recognised across npm, Composer, pip, and gem ecosystems.

What does .env.example sync do?

After saving a .env file, Dotvault checks if any keys are missing from .env.example. A prompt appears letting you selectively add them — choose keys-only (safe for git) or keys+values.

What keyboard shortcuts are available?

Cmd+S to save, Cmd+Z to undo, Cmd+Shift+Z to redo, Cmd+K for cross-project search. Open Help → Keyboard Shortcuts for the full list.

Can I open a project in my terminal or editor?

Yes. Right-click any project in the sidebar for Open in Finder, Terminal, or Editor. Set your preferred apps in Settings.

Changelog

What's new.

Recent releases and what shipped in each.

v1.6.0 Latest
  • Right-click context menus on projects and env files
  • Open in Finder, Terminal, or Editor with configurable preferences
  • Git panel redesign — commit history, multi-file staging, branch display
  • Compare view redesign — filter by differences, sticky columns, copy values
  • Undo/redo with 50-step history (Cmd+Z / Cmd+Shift+Z)
  • Keyboard shortcuts reference panel in the Help menu
  • Toast notifications, discard confirmation, accessibility improvements
v1.5.0 March 2026
  • Duplicate key detection with inline warnings
  • Secret leak detection for git-tracked files
  • Clipboard import with diff preview and selective merge
  • Multi-file comparison matrix across all env files
  • App lock with Touch ID or macOS password
v1.4.0 March 2026
  • Laravel encrypted env file support — no PHP needed
  • Per-file encryption key management via OS keychain
  • Standard and Readable encryption formats with auto-detection
  • Bi-directional sync between plaintext and encrypted files
v1.1.0 March 2026
  • Git integration — status badges, inline blame, diff, stage, and commit
  • Create new .env files from blank or framework templates
  • Env sync — auto-prompts to sync keys to .env.example
  • 111+ package detection across npm, Composer, pip, and gems
v1.0.0 March 2026
  • Visual editor with sections, annotations, and search
  • Snapshot history with encrypted version control
  • Framework detection with variable annotations
  • Code signing, notarisation, and in-app auto-updates

Ready to take control
of your .env files?

Dotvault for macOS is coming soon.

Coming soon

macOS 12+ · Apple Silicon & Intel · Signed & notarised by Apple

Get in touch

Questions, feedback, or just want to say hi?

Drop us a line — we'd love to hear from you.

hello@dotvault.dev