By wrsmith108
Securely manage environment variables for secrets, API keys, and credentials using Varlock CLI. Mask sensitive data in terminals, logs, traces, and Claude context to prevent leaks. Validate configurations against .env.schema for robust security in development workflows.
npx claudepluginhub wrsmith108/varlock-claude-skillSecure-by-default environment variable management. Ensures secrets are never exposed in Claude sessions.
When working with Claude Code, secrets can accidentally leak into:
This skill wraps Varlock to enforce secure patterns and prevent accidental exposure.
mkdir -p ~/.claude/skills/varlock && curl -sSL https://raw.githubusercontent.com/wrsmith108/varlock-claude-skill/main/skills/varlock/SKILL.md -o ~/.claude/skills/varlock/SKILL.md
git clone https://github.com/wrsmith108/varlock-claude-skill /tmp/varlock-skill
cp -r /tmp/varlock-skill/skills/varlock ~/.claude/skills/
rm -rf /tmp/varlock-skill
Install the Varlock CLI:
curl -sSfL https://varlock.dev/install.sh | sh -s -- --force-no-brew
export PATH="$HOME/.varlock/bin:$PATH"
Secrets must NEVER appear in Claude's context.
| Never Do | Safe Alternative |
|---|---|
cat .env | cat .env.schema |
echo $SECRET | varlock load |
printenv | grep API | varlock load | grep API |
# Validate all secrets (shows masked values)
varlock load
# Quiet validation (no output on success)
varlock load --quiet
# Run command with secrets injected
varlock run -- npm start
# View schema (safe - no values)
cat .env.schema
Create .env.schema to define variable types and sensitivity:
# Global defaults
# @defaultSensitive=true @defaultRequired=infer
# Public config
# @type=enum(development,staging,production) @sensitive=false
NODE_ENV=development
# Sensitive secrets
# @type=string(startsWith=sk_) @required @sensitive
STRIPE_SECRET_KEY=
# @type=url @required @sensitive
DATABASE_URL=
| Annotation | Effect |
|---|---|
@sensitive | Value masked in all output |
@sensitive=false | Value shown (for public keys) |
@required | Must be present |
@type=string(startsWith=X) | Prefix validation |
When users ask Claude to:
varlock load | grep API_KEYvarlock load (validates all)cat .env.schema insteadThis skill wraps Varlock by DMNO.
MIT
DevsForge Enterprise Environment Configuration Manager delivering comprehensive secrets management, configuration validation excellence, and multi-environment orchestration that transforms environment configuration from scattered files into centralized, secure, and intelligent configuration systems with enterprise-grade security
Share bugs, ideas, or general feedback.
Blocks secrets and PII before they reach the Anthropic API
Secret safety hooks: auto-load credentials via CLAUDE_ENV_FILE, redact secrets from CLI output. Powered by the nopeek CLI.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
The most comprehensive Claude Code plugin — 48 agents, 182 skills, 68 legacy command shims, selective install profiles, and production-ready hooks for TDD, security scanning, code review, and continuous learning
Stripe development plugin for Claude