### Run Varlock setup wizard Source: https://varlock.dev/getting-started/installation After installing Varlock as a standalone binary, run this command to start the setup wizard. ```bash varlock init ``` -------------------------------- ### Initialize Varlock CLI Source: https://varlock.dev/reference/cli-commands Starts an interactive onboarding process to help create your `.env.schema` and install varlock as a dependency. Use the `--agent` option for non-interactive setup in automation workflows. ```bash varlock init [options] ``` ```bash # Interactive setup wizard varlock init ``` ```bash # Non-interactive setup for AI agents varlock init --agent ``` -------------------------------- ### Install TanStack Start Vite Integration with bun Source: https://varlock.dev/integrations/tanstack-start Install the necessary packages for the Vite integration using bun. ```bash bun add @varlock/vite-integration varlock ``` -------------------------------- ### Install Packages with bun Source: https://varlock.dev/integrations/tanstack-start Install the Varlock Cloudflare integration, the Cloudflare Vite plugin, and TanStack Start using bun. ```bash bun add @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ``` -------------------------------- ### Install TanStack Start Vite Integration with vlt Source: https://varlock.dev/integrations/tanstack-start Install the necessary packages for the Vite integration using vlt. ```bash vlt install @varlock/vite-integration varlock ``` -------------------------------- ### Install TanStack Start Vite Integration with yarn Source: https://varlock.dev/integrations/tanstack-start Install the necessary packages for the Vite integration using yarn. ```bash yarn add @varlock/vite-integration varlock ``` -------------------------------- ### Install TanStack Start Vite Integration with npm Source: https://varlock.dev/integrations/tanstack-start Install the necessary packages for the Vite integration using npm. ```bash npm install @varlock/vite-integration varlock ``` -------------------------------- ### Install Packages with npm Source: https://varlock.dev/integrations/tanstack-start Install the Varlock Cloudflare integration, the Cloudflare Vite plugin, and TanStack Start using npm. ```bash npm install @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ``` -------------------------------- ### Define Start Script with Varlock Source: https://varlock.dev/llms-full.txt Configure the 'start' script in package.json to use 'varlock run' for loading environment variables before starting the Node.js application. ```json "scripts": { "start": "varlock run -- node index.js" } ``` -------------------------------- ### Install Packages with vlt Source: https://varlock.dev/integrations/tanstack-start Install the Varlock Cloudflare integration, the Cloudflare Vite plugin, and TanStack Start using vlt. ```bash vlt install @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ``` -------------------------------- ### Install Varlock and Next.js Integration (bun) Source: https://varlock.dev/integrations/nextjs Install the necessary Varlock packages using bun. ```bash bun add @varlock/nextjs-integration varlock ``` -------------------------------- ### Install TanStack Start Vite Integration with pnpm Source: https://varlock.dev/integrations/tanstack-start Install the necessary packages for the Vite integration using pnpm. ```bash pnpm add @varlock/vite-integration varlock ``` -------------------------------- ### Generated Varlock Setup Prompt Source: https://varlock.dev/prompt-builder This prompt helps set up Varlock for a single-project repository. It includes instructions for initialization, schema authoring, and plugin installation. ```bash Help me set up **Varlock** (AI-safe `.env` workflow: `.env.schema`, validation, plugins) for this project. ## Repository layout - **Single project:** one primary Varlock setup at the repo root (adjust if multiple env files are needed). Please run `varlock init --agent`, author a sensible of `.env.schema` files (as many as needed), and install any required Varlock plugins and framework/language integrations for the stack above. Always prefer the linked Varlock docs. You can validate your `.env.schema` with `varlock load --agent`. ``` -------------------------------- ### Install Varlock with bun Source: https://varlock.dev/integrations/cloudflare Install the Cloudflare integration and varlock packages using bun. ```bash bun add @varlock/cloudflare-integration varlock ``` -------------------------------- ### Install Packages with yarn Source: https://varlock.dev/integrations/tanstack-start Install the Varlock Cloudflare integration, the Cloudflare Vite plugin, and TanStack Start using yarn. ```bash yarn add @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ``` -------------------------------- ### Setup Fish Completion for Standalone Installs Source: https://varlock.dev/guides/shell-completion Installs varlock's Fish completion script for standalone installations. Ensure varlock is on your PATH. This involves creating a directory and generating the script. Fish loads completions automatically. ```shell mkdir -p ~/.config/fish/completions varlock complete fish > ~/.config/fish/completions/varlock.fish ``` -------------------------------- ### Setup Bash Completion for Standalone Installs Source: https://varlock.dev/guides/shell-completion Installs varlock's Bash completion script for standalone installations. Ensure varlock is on your PATH. This involves creating a directory, generating the script, and sourcing it. ```shell mkdir -p ~/.local/share/bash-completion/completions varlock complete bash > ~/.local/share/bash-completion/completions/varlock source ~/.bashrc ``` -------------------------------- ### Install Packages with pnpm Source: https://varlock.dev/integrations/tanstack-start Install the Varlock Cloudflare integration, the Cloudflare Vite plugin, and TanStack Start using pnpm. ```bash pnpm add @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ``` -------------------------------- ### Install Varlock using GitHub Backend Source: https://varlock.dev/integrations/mise Install the Varlock CLI using the 'github' backend. This method installs a standalone binary and does not require a Node.js runtime. Mise automatically verifies checksums and build attestations. ```toml [tools] "github:dmno-dev/varlock" = "latest" ``` -------------------------------- ### Varlock load successful output example Source: https://varlock.dev/getting-started/usage Example of the output from `varlock load` when configuration is valid. Shows resolved values, coercion, and overrides. ```text -- Resolved config -- ✅ SERVICE_NAME* └ "payments-api" ✅ LOG_LEVEL └ "info" ✅ PORT └ 8080 < coerced from "8080" ✅ FEATURE_FLAG_BETA └ true < coerced from "true" ✅ APP_ENV* └ "production" 🟡 process.env ✅ DATABASE_URL* 🔐sensitive └ po▒▒▒▒▒ ✅ SESSION_SECRET 🔐sensitive └ df▒▒▒▒▒ 📦 2m ago ✅ STRIPE_SECRET_KEY* 🔐sensitive └ sk▒▒▒▒▒ ``` -------------------------------- ### Using @example Decorator for Example Values Source: https://varlock.dev/reference/item-decorators The @example decorator provides a non-placeholder example value for a config item, which can be useful for documentation and IntelliSense. ```plaintext # @example="sk-abc123" SECRET_KEY= ``` -------------------------------- ### Install Varlock and Next.js Integration (npm) Source: https://varlock.dev/integrations/nextjs Install the necessary Varlock packages using npm. ```bash npm install @varlock/nextjs-integration varlock ``` -------------------------------- ### Install Varlock and Astro Integration (bun) Source: https://varlock.dev/integrations/astro Install the necessary packages for Varlock and its Astro integration using bun. ```bash bun add @varlock/astro-integration varlock ``` -------------------------------- ### Dockerfile for Containerized MCP Server with Varlock Source: https://varlock.dev/guides/mcp Set up a Dockerfile to install Varlock, copy application files, and use 'varlock run' to start the server within a container. ```dockerfile FROM node:22-alpine # Install varlock RUN npm install -g @varlock/cli WORKDIR /app # Copy package files COPY package*.json ./ COPY pnpm-lock.yaml ./ # Install dependencies RUN npm install -g pnpm && pnpm install # Copy application files COPY . . # Build the application RUN pnpm build # Use varlock run to start the server CMD ["varlock", "run", "--", "node", "dist/server.js"] ``` -------------------------------- ### Install Varlock and Next.js Integration (yarn) Source: https://varlock.dev/integrations/nextjs Install the necessary Varlock packages using yarn. ```bash yarn add @varlock/nextjs-integration varlock ``` -------------------------------- ### Install Varlock and Vite Integration (bun) Source: https://varlock.dev/integrations/cloudflare-workers Install the necessary packages for Varlock integration using bun. ```bash bun add @varlock/vite-integration varlock ``` -------------------------------- ### Install Varlock and Next.js Integration (vlt) Source: https://varlock.dev/integrations/nextjs Install the necessary Varlock packages using vlt. ```bash vlt install @varlock/nextjs-integration varlock ``` -------------------------------- ### Verify Varlock Installation (GitHub Backend) Source: https://varlock.dev/integrations/mise After installing Varlock using the GitHub backend, verify the installation by checking the version. ```bash mise install varlock --version ``` -------------------------------- ### Install Varlock Cloudflare Integration (bun) Source: https://varlock.dev/integrations/cloudflare Install the necessary packages for Varlock Cloudflare integration using bun. ```bash bun add @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ``` -------------------------------- ### Install Varlock and Next.js Integration (pnpm) Source: https://varlock.dev/integrations/nextjs Install the necessary Varlock packages using pnpm. ```bash pnpm add @varlock/nextjs-integration varlock ``` -------------------------------- ### Simple Development Setup with Pass Plugin Source: https://varlock.dev/plugins/pass This configuration demonstrates a basic setup for development environments. It uses the pass plugin to fetch environment variables directly from the default pass store. ```shell # @plugin(@varlock/pass-plugin) # @initPass() # --- # Entry paths match variable names DATABASE_URL=pass() REDIS_URL=pass() STRIPE_KEY=pass() ``` -------------------------------- ### Mixed Example with exec() Source: https://varlock.dev/reference/functions Shows a configuration item using the exec() function to load configuration from a script. ```plaintext CONFIG=exec(`./scripts/load-config.sh ${APP_ENV}`) ``` -------------------------------- ### Basic Plugin Initialization Example Source: https://varlock.dev/guides/plugins A basic example of plugin initialization using a root decorator, setting an account, token, and authentication method. Sensitive data like tokens should be passed via references to config items. ```javascript # @initOp(account=acmeco, token=$OP_TOKEN, allowAppAuth=forEnv(dev)) # --- # @type=opServiceAccountToken @sensitive OP_TOKEN= ``` -------------------------------- ### String Expansion Examples Source: https://varlock.dev/env-spec/reference Illustrates different forms of string expansion, including direct references, bracketed references, concatenation, fallbacks, and command execution. ```env # @import(./.env.shared, pick=[ # DATABASE_URL, # REDIS_URL, # STRIPE_KEY, # ]) DATABASE_URL= ``` ```env ALLOWED=fn([ dev, staging, prod, ]) ``` ```env # @sensitive={ # preventLeaks=false, # } SECRET= ``` -------------------------------- ### Install Dependencies for Bun-compiled Binary Source: https://varlock.dev/guides/docker If copying a Bun-compiled binary into a minimal Alpine-based image, ensure these essential packages are installed. ```dockerfile RUN apk add --no-cache ca-certificates libstdc++ ``` -------------------------------- ### Basic Import Examples Source: https://varlock.dev/guides/import Demonstrates various ways to use the @import() decorator, including importing specific files, directories, and files with key picking. ```javascript # @import(./.env.imported) # import specific file # @import(./env-dir/) # import directory # @import(./.env.partial, pick=[K1, K2]) # import specific keys # @import(~/.env.shared) # import from home directory ``` -------------------------------- ### Divider Syntax Examples Source: https://varlock.dev/env-spec/reference Demonstrates the use of dividers as visual separators within configuration files. ```env-spec # a divider can be used to visually separate sections # --- ITEM1= ITEM2= # --- another divider --- ITEM3= ``` -------------------------------- ### 1Password Plugin Configuration Example Source: https://varlock.dev/llms-full.txt This example shows how to load and initialize the 1Password plugin for Varlock, including defining custom data types and resolver functions for sensitive information. ```env-spec # @plugin(@varlock/1password-plugin) # load + install plugin # @initOp(token=$OP_TOKEN, allowAppAuth=true) # init via custom root decorator # --- # @type=opServiceAccountToken # custom data type OP_TOKEN= # @sensitive XYZ_API_KEY=op(op://api-prod/xyz/api-key) # custom resolver function ``` -------------------------------- ### Setup PowerShell Completion for Standalone Installs Source: https://varlock.dev/guides/shell-completion Installs varlock's PowerShell completion script for standalone installations. Ensure varlock is on your PATH. This involves appending the completion script to your PowerShell profile and sourcing it. ```powershell varlock complete powershell >> $PROFILE . $PROFILE ``` -------------------------------- ### Load and Initialize Akeyless Plugin Source: https://varlock.dev/plugins/akeyless Load the Akeyless plugin and initialize it with API Key credentials. Ensure environment variables for access ID and key are set. ```dotenv # @plugin(@varlock/akeyless-plugin) # # @initAkeyless(accessId=$AKEYLESS_ACCESS_ID, accessKey=$AKEYLESS_ACCESS_KEY) ``` -------------------------------- ### Initialize Varlock Configuration (vlx) Source: https://varlock.dev/integrations/expo Run the varlock init command using vlx to set up your .env.schema file. ```bash vlx -- varlock init ``` -------------------------------- ### Setup Zsh Completion for Standalone Installs Source: https://varlock.dev/guides/shell-completion Installs varlock's Zsh completion script for standalone installations. Ensure varlock is on your PATH. This involves creating a directory, updating your zshrc, generating the script, and sourcing it. ```shell mkdir -p ~/.zsh/completions echo 'fpath=(~/.zsh/completions $fpath)' >> ~/.zshrc echo 'autoload -U compinit && compinit' >> ~/.zshrc varlock complete zsh > ~/.zsh/completions/_varlock source ~/.zshrc ``` -------------------------------- ### Loading Varlock Config with bun Source: https://varlock.dev/guides/monorepos Example of using bun to execute Varlock and specify a custom loading path, typically used in CI or scripts. ```bash bunx varlock load --path apps/web/ ``` -------------------------------- ### Package Manager Completion Setup with @bomb.sh/tab Source: https://varlock.dev/llms-full.txt Installs the @bomb.sh/tab utility and configures Zsh to use it for package manager-based varlock completion. ```bash npm install -g @bomb.sh/tab # zsh (swap in npm / yarn / bun and bash / fish / powershell as needed) echo 'source <(tab pnpm zsh)' >> ~/.zshrc source ~/.zshrc ``` -------------------------------- ### Add Cloudflare Vite Plugin Source: https://varlock.dev/integrations/tanstack-start Configure your Vite setup to include the Varlock Cloudflare plugin alongside the TanStack Start plugin. ```javascript import { defineConfig } from '@tanstack/react-start/config'; import { tanstackStart } from '@tanstack/react-start/plugin/vite' import { varlockCloudflareVitePlugin } from '@varlock/cloudflare-integration'; export default defineConfig({ vite: { plugins: [ varlockCloudflareVitePlugin(), tanstackStart(), // ... ], }, }); ``` -------------------------------- ### Config Item Examples Source: https://varlock.dev/guides/schema Demonstrates various ways to define configuration items, including no value, empty string, static values (quoted and unquoted), boolean, numeric, function-based values, expansion, and multiline values. ```env NO_VALUE= # will resolve to undefined EMPTY_STRING_VALUE="" # will resolve to empty string STATIC_VALUE_UNQUOTED=quotes are optional # but are recommended! STATIC_VALUE_QUOTED="#hashtag" # and are necessary in some cases BOOLEAN_VALUE=true NUMERIC_VALUE=123.456 FUNCTION_VALUE=op(op://api-config/item/credential) EXPANSION_VALUE=${OTHER_VAR}-suffix MULTILINE_VALUE=""" multiple lines """ ``` -------------------------------- ### Using multiple directories as entry points Source: https://varlock.dev/reference/cli-commands Specify multiple paths using the -p flag to load .env files from different directories. Later paths take precedence. ```bash varlock run -p ./envs -p ./overrides -- node app.js ``` -------------------------------- ### OIDC Authentication Setup Source: https://varlock.dev/plugins/akeyless Initialize the Akeyless plugin using OIDC authentication. This method avoids the need for an API key by leveraging platform-issued OIDC tokens. ```dotenv # @plugin(@varlock/akeyless-plugin) # @initAkeyless(oidcAccessId="p-your-access-id") ``` -------------------------------- ### Dockerfile for MCP Server with Varlock Source: https://varlock.dev/llms-full.txt A Dockerfile that installs varlock, sets up Node.js dependencies, copies application files, and uses `varlock run` in the CMD to start the MCP server securely. ```dockerfile FROM node:22-alpine # Install varlock RUN npm install -g @varlock/cli WORKDIR /app # Copy package files COPY package*.json ./ COPY pnpm-lock.yaml ./ # Install dependencies RUN npm install -g pnpm && pnpm install # Copy application files COPY . . # Build the application RUN pnpm build # Use varlock run to start the server CMD ["varlock", "run", "--", "node", "dist/server.js"] ``` -------------------------------- ### Run Local Build in Production Environment Source: https://varlock.dev/guides/environments Demonstrates how to simulate a production build locally by setting the `APP_ENV` variable to `production` before running the Varlock command. ```shell APP_ENV=production varlock run -- your-build-command ``` -------------------------------- ### Custom MCP Client with Varlock Configuration Source: https://varlock.dev/llms-full.txt A TypeScript example of a custom MCP client that uses 'varlock/auto-load' and 'child_process.spawn' to start an MCP server. It connects using a StdioClientTransport and demonstrates calling a tool. ```typescript import 'varlock/auto-load'; import { Client } from '@modelcontextprotocol/sdk/client/index.js'; import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js'; import { spawn } from 'child_process'; import { ENV } from 'varlock/env'; const client = new Client( { name: 'my-mcp-client', version: '1.0.0' }, { capabilities: { tools: {} } } ); // Start the server process with varlock const serverProcess = spawn('pnpm', ['start'], { cwd: ENV.MCP_SERVER_PATH, stdio: ['pipe', 'pipe', 'pipe'] }); const transport = new StdioClientTransport(serverProcess.stdin, serverProcess.stdout); await client.connect(transport); // Use the client to interact with your MCP server const result = await client.callTool({ name: 'my-tool', arguments: {} }); ``` -------------------------------- ### Varlock Shell Tab Completion Source: https://varlock.dev/blog/may-2026-recap Enable shell tab completion for Varlock commands in bash, zsh, and fish by running `varlock complete`. Consult the shell completion guide for setup instructions. ```bash varlock complete ``` -------------------------------- ### Initialize Varlock Schema Source: https://varlock.dev/integrations/sveltekit Run 'varlock init' to set up your .env.schema file using npm, pnpm, bun, vlt, or yarn. ```bash npm exec -- varlock init ``` ```bash pnpm exec -- varlock init ``` ```bash bunx varlock init ``` ```bash vlx -- varlock init ``` ```bash yarn exec -- varlock init ``` -------------------------------- ### Opencode: Run from Any Directory Source: https://varlock.dev/guides/ai-tools Launch Opencode using a personal schema file with Varlock. The -p flag points to the personal schema configuration. ```bash varlock run -p ~/.env.opencode -- opencode # or with a specific model varlock run -p ~/.env.opencode -- opencode --model claude-3-5-sonnet ``` -------------------------------- ### Load and Initialize Kubernetes Plugin Source: https://varlock.dev/plugins/kubernetes Load the Kubernetes plugin and initialize it with a default namespace. This is a basic setup for using the plugin. ```env # @plugin(@varlock/kubernetes-plugin) # # @initKubernetes(namespace=default) ``` -------------------------------- ### Install Proton Pass CLI Source: https://varlock.dev/plugins/proton-pass Installs the Proton Pass CLI using a curl script. Ensure you have bash and curl installed. ```bash curl -fsSL https://proton.me/download/pass-cli/install.sh | bash ``` -------------------------------- ### Install Varlock CLI via cURL Source: https://varlock.dev/getting-started/installation Installs the Varlock CLI as a standalone binary by downloading and executing an installation script via cURL. ```bash # OR via cURL curl -sSfL https://varlock.dev/install.sh | sh -s ``` -------------------------------- ### Install @varlock/pass-plugin Source: https://varlock.dev/llms-full.txt Install the plugin as a normal dependency in your JS/TS project. ```env-spec # 1. Load the plugin # @plugin(@varlock/pass-plugin) # # 2. Initialize the plugin - no arguments needed for default setup # @initPass() ``` -------------------------------- ### Initialize Doppler Plugin with Service Token Setup Source: https://varlock.dev/plugins/doppler This snippet demonstrates the initialization of the Doppler plugin, including the setup for the service token. Ensure the service token is marked as sensitive and stored securely. ```env # @plugin(@varlock/doppler-plugin) # @initDoppler( # project=my-project, # config=dev, # serviceToken=$DOPPLER_TOKEN # ) # --- # @type=dopplerServiceToken @sensitive DOPPLER_TOKEN= ``` -------------------------------- ### Initialize varlock project Source: https://varlock.dev/guides/migrate-from-dotenv Initialize your project with varlock to install the package and generate a .env.schema from existing .env files. ```bash npx varlock init ``` ```bash pnpm dlx varlock init ``` ```bash bunx varlock init ``` ```bash vlx varlock init ``` ```bash yarn dlx varlock init ``` -------------------------------- ### Install Varlock CLI Source: https://varlock.dev/ Install the Varlock CLI as a dependency in a JavaScript project using npm or npx. Alternatively, install it as a standalone binary via Homebrew or a cURL script. ```bash npx varlock init ``` ```bash brew install dmno-dev/tap/varlock # OR via cURL curl -sSfL https://varlock.dev/install.sh | sh -s ``` -------------------------------- ### Install pass on macOS Source: https://varlock.dev/llms-full.txt Install the pass password manager using Homebrew on macOS. ```bash # macOS brew install pass ``` -------------------------------- ### Example .env.schema with Root Decorators Source: https://varlock.dev/llms-full.txt Demonstrates the use of multiple root decorators in the header section of an .env.schema file. ```env-spec # This is the header, it can contain root decorators # @defaultSensitive=false @defaultRequired=infer # @generateTypes(lang=ts, path=./env.d.ts) ``` -------------------------------- ### Install Varlock with vlt Source: https://varlock.dev/integrations/cloudflare Install the Cloudflare integration and varlock packages using vlt. ```bash vlt install @varlock/cloudflare-integration varlock ``` -------------------------------- ### Install Varlock with yarn Source: https://varlock.dev/integrations/cloudflare Install the Cloudflare integration and varlock packages using yarn. ```bash yarn add @varlock/cloudflare-integration varlock ``` -------------------------------- ### Example .env.local file with Varlock encryption Source: https://varlock.dev/llms-full.txt Illustrates how plaintext and Varlock-secured secrets appear in a .env.local file. Use varlock() for secured values. ```env-spec PLAINTEXT=shh-im-secret # 🚨 danger SECURED=varlock(local:abc123...) # ✅ secured at rest ``` -------------------------------- ### Install Varlock with pnpm Source: https://varlock.dev/integrations/cloudflare Install the Cloudflare integration and varlock packages using pnpm. ```bash pnpm add @varlock/cloudflare-integration varlock ``` -------------------------------- ### Install Varlock with npm Source: https://varlock.dev/integrations/cloudflare Install the Cloudflare integration and varlock packages using npm. ```bash npm install @varlock/cloudflare-integration varlock ``` -------------------------------- ### Decorator Syntax Examples Source: https://varlock.dev/env-spec/reference Illustrates various ways to use decorators with different data types and function calls. ```env-spec # @int=123 @float=123.456 @willBeString=123.456.789 # @doubleQuoted="with spaces" @singleQuote='hi' @backTickQuote=`hi` # @unquoted=this-works-too @withNewline="new\nline" # @funcCallNoArgs=func() @dec=funcCallArray(val1, "val2") @dec=funcCallObj(k1=v1, k2="v2") # @objectLiteral={k1=v1, k2="v2"} @arrayLiteral=[a, b, c] # standalone object/array values # @anotherOne # and some comments, this @decorator is ignored # this is a comment and this @decorator is ignored ``` -------------------------------- ### Install pass on Ubuntu/Debian Source: https://varlock.dev/llms-full.txt Install the pass password manager using apt-get on Ubuntu/Debian systems. ```bash # Ubuntu/Debian sudo apt-get install pass ``` -------------------------------- ### Initialize 1Password Plugin with Options Source: https://varlock.dev/guides/plugins Demonstrates initializing the 1Password plugin with specific options for development and production environments, including service account tokens and API keys. Sensitive data should be referenced from config items. ```javascript # @plugin(@varlock/1password-plugin) # @initOp(id=dev, token=$OP_TOKEN_DEV, allowAppAuth=forEnv(dev)) # @initOp(id=prod, token=$OP_TOKEN_PROD, allowAppAuth=false); # --- # @type=opServiceAccountToken @sensitive OP_TOKEN_DEV= # @type=opServiceAccountToken @sensitive OP_TOKEN_PROD= XYZ_API_KEY=op(dev, op://api-creds-dev/xyz/api-key) ``` ```javascript XYZ_API_KEY=op(prod, op://api-creds-prod/xyz/api-key) ``` -------------------------------- ### API Key Authentication Setup Source: https://varlock.dev/plugins/akeyless Configure Akeyless plugin for API Key authentication. Define environment variables for Access ID and Access Key and use them to initialize the plugin. ```dotenv # @plugin(@varlock/akeyless-plugin) # @initAkeyless(accessId=$AKEYLESS_ACCESS_ID, accessKey=$AKEYLESS_ACCESS_KEY) # --- # @type=akeylessAccessId AKEYLESS_ACCESS_ID= # @type=akeylessAccessKey @sensitive AKEYLESS_ACCESS_KEY= ``` -------------------------------- ### @initHcpVault() Source: https://varlock.dev/plugins/hashicorp-vault Initializes a HashiCorp Vault / OpenBao plugin instance with various configuration options. ```APIDOC ## @initHcpVault() ### Description Initializes a HashiCorp Vault / OpenBao plugin instance. ### Arguments #### Key/value args - **url** (string) - Required - Vault server URL (e.g., `https://vault.example.com:8200`) - **token** (string) - Optional - Explicit Vault authentication token - **roleId** (string) - Optional - AppRole role ID for automated authentication - **secretId** (string) - Optional - AppRole secret ID for automated authentication - **namespace** (string) - Optional - Vault Enterprise namespace - **jwtRole** (string) - Optional - Vault JWT/OIDC auth role name for OIDC authentication - **jwtAuthPath** (string) - Optional - Mount path for the JWT auth method (defaults to `jwt`) - **oidcToken** (string) - Optional - Explicit OIDC JWT token (auto-detected from platform if omitted) - **defaultPath** (string) - Optional - Default secret path when no path argument is given to `vaultSecret()` - **pathPrefix** (string) - Optional - Prefix automatically prepended to all secret paths - **id** (string) - Optional - Instance identifier for multiple instances - **cacheTtl** (string) - Optional - cache resolved values for the specified duration (e.g. `"5m"`, `"1h"`, `"1d"`, or `forever` to cache until manually cleared). For cache mode behavior and CLI cache controls, see the Caching guide. ### Example ```hcl # @initHcpVault(url="https://vault.example.com:8200", defaultPath=secret/myapp/config) ``` ``` -------------------------------- ### @initKubernetes() Source: https://varlock.dev/llms-full.txt Initializes a Kubernetes plugin instance for various resolvers like k8sSecret() and k8sConfigMap(). It allows configuration of instance ID, namespace, authentication, and default resource names. ```APIDOC ## @initKubernetes() ### Description Initializes a Kubernetes plugin instance for `k8sSecret()`, `k8sConfigMap()`, `k8sSecretBulk()`, and `k8sConfigMapBulk()` resolvers. ### Method Decorator ### Parameters #### Key/value args: - **id** (string) - Optional - Instance identifier for multiple instances, defaults to `_default` - **namespace** (string) - Optional - Kubernetes namespace to read from. Defaults to the kubeconfig context namespace, the pod’s mounted service account namespace (when in-cluster), or `default` - **context** (string) - Optional - Kubeconfig context name to use (overrides the current context) - **kubeconfig** (string) - Optional - Path to a kubeconfig file, or raw kubeconfig YAML/JSON content - **clusterServer** (string) - Optional - Kubernetes API server URL for explicit auth (e.g., `https://kubernetes.example.com:6443`) - **token** (string) - Optional - Bearer token for explicit auth - **skipTlsVerify** (boolean) - Optional - Set to `true` to skip TLS verification on the cluster certificate. Only applies when using `clusterServer` + `token` - **allowMissing** (boolean) - Optional - If `true`, missing resources or keys return `undefined` instead of throwing - **defaultSecret** (string) - Optional - Default Secret name used by `k8sSecret()` / `k8sSecretBulk()` when no name argument is provided - **defaultConfigMap** (string) - Optional - Default ConfigMap name used by `k8sConfigMap()` / `k8sConfigMapBulk()` when no name argument is provided ### Request Example ```env-spec # @initKubernetes(namespace=default, defaultSecret=app-secrets, defaultConfigMap=app-config) ``` ``` -------------------------------- ### Install Varlock using install.sh in Dockerfile Source: https://varlock.dev/llms-full.txt Download and install a specific version of the Varlock binary during the Docker build process. This is suitable for air-gapped environments or custom base images. Ensure `curl`, `ca-certificates`, and `libstdc++` are installed. ```dockerfile FROM alpine:3.19 RUN apk add --no-cache curl ca-certificates libstdc++ \ && curl -sSfL https://varlock.dev/install.sh | sh -s -- --version=1.6.0 --dir=/usr/local/bin WORKDIR /work ENTRYPOINT ["/usr/local/bin/varlock"] ``` -------------------------------- ### Loading Varlock Config with npm Source: https://varlock.dev/guides/monorepos Example of using npm to execute Varlock and specify a custom loading path, typically used in CI or scripts. ```bash npm exec -- varlock load --path apps/web/ ``` -------------------------------- ### Install pass on Arch Linux Source: https://varlock.dev/llms-full.txt Install the pass password manager using pacman on Arch Linux. ```bash # Arch pacman -S pass ``` -------------------------------- ### Initialize Varlock with bun Source: https://varlock.dev/getting-started/installation Installs Varlock as a dependency and scans your project for .env files to create a .env.schema file. This command uses bun to run the varlock init command. ```bash bunx varlock init ``` -------------------------------- ### Install Varlock and Vite Integration (vlt) Source: https://varlock.dev/integrations/cloudflare-workers Install the necessary packages for Varlock integration using vlt. ```bash vlt install @varlock/vite-integration varlock ``` -------------------------------- ### Install Varlock and Vite Integration (yarn) Source: https://varlock.dev/integrations/cloudflare-workers Install the necessary packages for Varlock integration using yarn. ```bash yarn add @varlock/vite-integration varlock ``` -------------------------------- ### Install Varlock and Vite Integration (pnpm) Source: https://varlock.dev/integrations/cloudflare-workers Install the necessary packages for Varlock integration using pnpm. ```bash pnpm add @varlock/vite-integration varlock ``` -------------------------------- ### AWS Credentials File Example Source: https://varlock.dev/plugins/aws-secrets Example content of the AWS credentials file, showing default and named profiles. This file is used when the 'profile' option is specified in the plugin initialization. ```ini [default] aws_access_key_id = AKIAIOSFODNN7EXAMPLE aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY [production] aws_access_key_id = AKIAI44QH8DHBEXAMPLE aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY ``` -------------------------------- ### Install Varlock and Vite Integration (npm) Source: https://varlock.dev/integrations/cloudflare-workers Install the necessary packages for Varlock integration using npm. ```bash npm install @varlock/vite-integration varlock ``` -------------------------------- ### Production Setup with Path Organization Source: https://varlock.dev/plugins/pass This configuration is for production environments and utilizes a `namePrefix` to organize secrets within the pass store. It fetches secrets from specific paths like 'production/database/url'. ```shell # @plugin(@varlock/pass-plugin) # @initPass(namePrefix=production/) # --- # Fetches production/database/url, production/database/password, etc. DB_URL=pass("database/url") DB_PASSWORD=pass("database/password") STRIPE_KEY=pass("api/stripe-key") SENDGRID_KEY=pass("api/sendgrid-key") ``` -------------------------------- ### Install Varlock Cloudflare Integration (vlt) Source: https://varlock.dev/integrations/cloudflare Install the necessary packages for Varlock Cloudflare integration using vlt. ```bash vlt install @varlock/cloudflare-integration @cloudflare/vite-plugin varlock ```