An example repo using Varlock within the Epic Stack to help manage configuration and secrets.
With Varlock, we convert the .env.example file into a .env.schema which contains additional schema information about all configuration in the system. This will improve developer onboarding into the epic stack, as well as ongoing DX as devs add more config into their apps. It adds additional guardrails around configuration in general, and notably adds additional protection for sensitive secrets.
- validations, default values, and documentation are all now in one source of truth (
.env.schema) - no more duplication between
.env.exampleand.env, which means it will never get out of sync - only overrides must be added by user
- clear env validation, decoupled from the application booting
- improved TS types / IntelliSense
- allows more flexible validation and composition of values based on other items
- easy to now pull secrets from secure backends like 1pass, etc
- leak prevention! log redaction!
- clear error messages when accessing bad env vars, or using them in wrong place
Some screenshots of varlock in action:
varlock load showing loaded and validated env
Improved IntelliSense
Leak detection example
Log redaction example
Example of failing env validation
