# I built an Encrypted Vault for .env files inside VS Code
Source: Dev.to
Let’s be honest: Handling .env files is a headache. We all know we shouldn’t commit them to Git, but what about local backups?
I realized that while I was being careful with .gitignore, I was casually copy‑pasting .env files to .env.old or .env.backup on my disk… in plain text. If anyone (or any malicious script) got access to my machine, my Stripe keys and DB credentials were sitting there like an open book.
So, I spent the last weekend rewriting the backup engine for my VS Code extension, DotEnvy, to fix this.
Meet DotEnvy v1.4.0 🚀
I just released version 1.4.0, which introduces AES‑256 Encrypted Backups. It allows you to snapshot your environment variables and lock them behind a password directly within VS Code.
🛠️ Under the Hood (For the Geeks)
I didn’t want “fake security” (like Base64 encoding). I wanted something I could trust with my own production keys.
Crypto stack:
- Algorithm:
AES-256-GCM(Authenticated Encryption). This ensures that if the backup file is tampered with (even one bit flipped), the decryption will fail instantly. - Key Derivation:
PBKDF2with 310,000 iterations andSHA-256. This makes brute‑forcing the password computationally expensive. - Salt & IV: Every single backup generates a unique, cryptographically secure random salt and initialization vector.
⚡ Performance
You might think 310k iterations would be slow. I optimized the implementation to keep the encryption overhead around ~170 ms for a standard .env file. It feels instant.
🌍 Cross‑Platform Portability
The coolest part? Since the encryption is standard, you can:
- Backup your
.envon your Linux workstation. - Sync the encrypted file (via Dropbox/Drive/whatever).
- Restore it on your Mac or Windows laptop just by entering the password.
🔗 Try it out
It’s open source and free. I’d love to hear your feedback or see your PRs!
- VS Code Marketplace: DotEnvy - VS Code Extension
- Open VSX (VSCodium): DotEnvy on Open VSX
- GitHub Repo: kareem2099/dotenvy
If you find this useful, a star on GitHub would make my day! Happy coding! 👨💻