Desktop app for macOS

Your .env files,
under control.

Browse, edit, diff, and version your environment files across every project. Secrets never leave your machine.

Coming soon for macOS See features

macOS 12+ · Apple Silicon & Intel

vault
Search... ⌘K
Projects
my-saas-app
Local
.env M loc
Production
.env.production I pro
Example
.env.example exa
New file...
marketing-site
api-gateway
Editor
Diff
Compare
History
Git
.env Clean local
Detected: Vite Laravel Stripe Sentry Redis Resend
Filter: All Required Sources Custom Warnings
Search keys or values...
Variable
General
APP_NAME My App
Laravel * Application name
APP_ENV local
Laravel * Application environment (local/production) default
APP_KEY base64:••••••••••••••••
Laravel * Application encryption key
APP_DEBUG true
Laravel * Debug mode toggle default
APP_TIMEZONE UTC
Laravel Application timezone default
APP_URL https://myapp.test
Laravel * Application base URL
Save Save as... Discard
Export Import Group

Features

Everything you need to manage .env files.

Built for developers who juggle multiple projects, environments, and secrets daily.

Visual editor

Edit variables in a structured view with sections, comments, and inline annotations. No more hunting through raw text files.

Framework detection

Auto-detects 111+ frameworks and packages across npm, Composer, pip, and gems. Annotates variables with descriptions and required flags.

Diff view

Compare any two environment files side-by-side. See what changed, what's missing, and sync keys between files.

Version history

Every save creates an encrypted snapshot. Browse, compare, and restore any previous version of your env files.

Git integration

Status badges, inline blame, diff view, stage and commit actions. See which env files are tracked, modified, or ignored.

Env sync

Auto-prompts to sync new keys to .env.example on save. Choose keys-only or keys+values, with per-key control.

Encrypted env files

Open Laravel .env.encrypted files natively — no PHP needed. Decrypt, edit, and re-encrypt with AES-256-CBC. Keys stored securely in your OS keychain.

Search everywhere

Filter variables in the editor, or press ⌘K to search across all projects and files instantly.

Native macOS app

Built with Electron, signed and notarised by Apple. Auto-updates keep you current. Remembers your window size and position.

Templates

Create new .env files from scratch or from a framework template. Uses .env.example as a basis when available.

Smart warnings

Detects duplicate keys, validates value types, and flags exposed secrets in git-tracked files. Catches mistakes before they cause bugs.

Multi-file compare

See every variable across all your .env files in one matrix. Instantly spot differences, missing keys, and inconsistencies.

App lock

Lock the app with Touch ID or your macOS password after a configurable inactivity timeout. Protects your secrets when you step away.

Diff & sync

Never miss a key again.

Compare environment files side-by-side. When you save, Dotvault checks if .env.example is out of sync and prompts you to update it.

  • Side-by-side diff between any two env files
  • Auto-sync prompt on save when keys are missing
  • Choose keys-only (safe for git) or keys+values
  • Per-key or bulk sync actions
# Database
DB_HOST=localhost
DB_PORT=5432
- CACHE_TTL=3600
+ CACHE_TTL=7200
+ CACHE_DRIVER=redis
 
# API Keys
STRIPE_KEY=sk_test_•••
+ OPENAI_KEY=

Ecosystem

Works with your stack.

Dotvault detects frameworks and packages from your project files and annotates variables with descriptions, required flags, and links to documentation.

Laravel Next.js Nuxt Rails Django FastAPI Vite Remix Stripe Sentry Prisma Supabase Auth0 Resend OpenAI Clerk Redis Livewire Spatie Filament

and 90+ more across npm, Composer, pip, and gems

Security

Your secrets stay on your machine.

Dotvault is a local-first app. Nothing is sent to the cloud, no accounts required, no telemetry.

🔒

AES-256-GCM encryption

Every snapshot is encrypted at rest. Each gets a unique initialisation vector.

🔑

Keychain storage

Your encryption key is stored in the macOS Keychain via Electron's safeStorage API.

💻

Fully offline

No cloud sync, no accounts, no analytics. The app works entirely offline after install.

FAQ

Common questions.

Quick answers for the things developers ask most.

What file formats are supported?

Standard .env files — files named .env or starting with .env. (e.g., .env.local, .env.production). Each line should be in KEY=value format. Comments and blank lines are preserved.

Are my secrets safe?

Yes. Snapshots are encrypted with AES-256-GCM. The encryption key is stored in your macOS Keychain. Secrets never leave your machine — there is no cloud sync, no accounts, no telemetry.

How do snapshots work?

Every time you save a file, Dotvault creates an encrypted snapshot. You can browse, compare, and restore any previous version from the History tab. An initial snapshot is captured automatically the first time you open a file.

Do I need PHP for encrypted env files?

No. Dotvault implements Laravel's AES-256-CBC encryption natively in Node.js. You can decrypt, edit, and re-encrypt .env.encrypted files without PHP or artisan commands.

How does framework detection work?

Dotvault scans your project's package.json, composer.json, Gemfile, requirements.txt, and pyproject.toml to identify frameworks and packages. Over 110 are recognised across npm, Composer, pip, and gem ecosystems.

What does .env.example sync do?

After saving a .env file, Dotvault checks if any keys are missing from .env.example. A prompt appears letting you selectively add them — choose keys-only (safe for git) or keys+values.

What if git is not installed?

Git features are optional. If git is not found on your system, all git indicators and the Git tab are simply hidden. Your workflow is unaffected.

What happens if I reinstall the app?

Your encryption key is stored in the macOS Keychain. If you reset your Keychain or reinstall macOS, snapshot history will be lost. Your .env files on disk are not affected.

Changelog

What's new.

Recent releases and what shipped in each.

v1.5.0 Latest
  • Duplicate key detection with inline warnings
  • Variable validation — heuristic warnings for type mismatches
  • Secret leak detection for git-tracked files
  • Clipboard import with diff preview and selective merge
  • Auto-group variables into sections by framework or prefix
  • Multi-file comparison matrix across all env files
  • App lock with Touch ID or macOS password
  • Drag-to-reorder projects in the sidebar
v1.4.0 March 2026
  • Laravel encrypted env file support — no PHP needed
  • Per-file encryption key management via OS keychain
  • Standard and Readable encryption formats with auto-detection
  • Bi-directional sync between plaintext and encrypted files
v1.1.0 March 2026
  • Git integration — status badges, inline blame, diff, stage, and commit
  • Create new .env files from blank or framework templates
  • Env sync — auto-prompts to sync keys to .env.example
  • 111+ package detection across npm, Composer, pip, and gems
v1.0.0 March 2026
  • Visual editor with sections, annotations, and search
  • Snapshot history with encrypted version control
  • Framework detection with variable annotations
  • Code signing, notarisation, and in-app auto-updates

Ready to take control
of your .env files?

Dotvault for macOS is coming soon.

Coming soon

macOS 12+ · Apple Silicon & Intel · Signed & notarised by Apple

Get in touch

Questions, feedback, or just want to say hi?

Drop us a line — we'd love to hear from you.

hello@dotvault.dev