22 AI Safety Tools · Written in Rust · Free & Open Source

Your secrets are not safe from AI.

EnvForge is the environment variable manager built to protect secrets FROM AI coding agents. 22 safety tools. Zero cloud dependency. One CLI.

90+ commands · 13 secret providers · 22 AI safety tools
GitGuardian 2026: AI-assisted commits leak secrets at 2x the baseline rate. 24,000+ credentials found in MCP config files. 64% of leaked secrets from 2022 are still valid today.

Works with

Claude Code · Cursor · GitHub Copilot · HashiCorp Vault · AWS SSM · 1Password · Doppler · Infisical · GCP · Azure · Bitwarden · Akeyless · CyberArk Conjur · SOPS · pass/gopass · Keeper

Protect a project in 30 seconds

Five commands. Full protection for Cursor, Copilot, and Claude Code.

# 1. Block AI tools from reading secrets
$ envforge fence
  Created .envforgeignore
  Created .cursorignore
  Created .claude/settings.json

# 2. Give AI context without values
$ envforge schema emit-ai --infer --output .env.ai.md
  AI context written to .env.ai.md (42 variables)

# 3. Install pre-commit hook + AI guard
$ envforge scan --install-hook
  Pre-commit hook installed
$ envforge ai-hook install claude-code
  Hooks installed: PreToolUse + PostToolUse

# 4. Scan and harden AI tool configs
$ envforge scan --mcp
  2 credential(s) found in MCP configs
$ envforge mcp harden
  2 secrets replaced with ${VAR} references
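
An added example, not EnvForge's own code, of the idea behind step 4: find literal credentials in the env block of an MCP config and replace them with ${VAR} references. The mcpServers/env layout, the key-name heuristic and the sample values are assumptions of this example, and the MCP client is assumed to expand ${VAR} from its environment.

```python
import json
import re

# Key names that usually hold credentials (a heuristic chosen for this example).
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY|CREDENTIAL", re.I)
# A value that is already an environment reference such as ${GITHUB_TOKEN}.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")


def harden_mcp_config(text):
    """Return (hardened_json, extracted); extracted maps VAR name -> literal value."""
    config = json.loads(text)
    extracted = {}
    for server, spec in config.get("mcpServers", {}).items():
        env = spec.get("env", {})
        for key, value in list(env.items()):
            if not isinstance(value, str) or not value or ENV_REF.match(value):
                continue  # already a reference, or nothing to move
            if not SECRET_NAME.search(key):
                continue  # ordinary setting such as LOG_LEVEL stays inline
            var = key
            # Same key with a different value on another server: prefix the name.
            if extracted.get(var, value) != value:
                var = re.sub(r"\W", "_", server).upper() + "_" + key
            extracted[var] = value
            env[key] = "${" + var + "}"
    return json.dumps(config, indent=2), extracted


# Constructed sample config; server names and values are made up.
SAMPLE = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "example-github-mcp"],
               "env": {"GITHUB_TOKEN": "constructed-github-token-0001",
                       "LOG_LEVEL": "debug"}},
    "db-tools": {"command": "example-db-mcp",
                 "env": {"DB_PASSWORD": "${DB_PASSWORD}",
                         "API_KEY": "constructed-api-key-0002"}},
}})

if __name__ == "__main__":
    hardened, moved = harden_mcp_config(SAMPLE)
    print(hardened)
    # The literal values now need a home outside the config (secret store, env).
    print("moved out of the config:", sorted(moved))
```

Only key names are checked here, so a credential passed in args or stored under an innocuous key name is not caught; a value-pattern scanner covers that case.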

22 AI Safety Tools

Six security layers. From prevention to governance.

| Layer | Tool | Command | What it does |
|---|---|---|---|
| Prevention | Secret Fence | envforge fence | Ignore rules for Cursor, Copilot, Claude Code |
| Prevention | Pre-Commit Hook | envforge scan --install-hook | Block commits containing secrets |
| Prevention | 3-Stage AI Guard | envforge ai-guard | Pre-tool + post-tool scanning |
| Prevention | AI Hooks | envforge ai-hook install | Security hooks in Claude Code & Cursor |
| Prevention | File Alerts | built-in | Warn on .env, .pem, .ssh/ access |
| Runtime | Volatile Mode | envforge run --volatile | Secrets in memory only — never on disk |
| Runtime | Log Redaction | envforge run --redact | Mask secrets in subprocess output |
| Runtime | Credential Proxy | envforge proxy | HTTP API with allowlist + audit |
| Runtime | Session Leases | envforge lease create | Time-bounded secret access |
| Runtime | Killswitch | envforge revoke --all | Instantly revoke all access |
| Context | AI-Safe Schema | envforge schema emit-ai | Types & names without values |
| Context | Safe Export | envforge export --safe | Redacted [REDACTED] values |
| Context | Ignore File | .envforgeignore | Mark files AI tools should skip |
| Remediation | MCP Scan | envforge scan --mcp | Find creds in AI tool configs |
| Remediation | MCP Harden | envforge mcp harden | Auto-replace with ${VAR} refs |
| Remediation | Prompt Sanitizer | envforge sanitize | Strip secrets from any file |
| Detection | Canary Secrets | envforge canary create | Honeypot credentials — alert on exfiltration |
| Detection | AI Leak Audit | envforge audit --ai-leaks | Scan git for AI-assisted leaks |
| Detection | Access Audit | envforge audit --access | JSONL log of all proxy access |
| Governance | Approval Flow | --require-approval | Human approves each access |
| Governance | Dependency Map | envforge deps KEY | What breaks if this secret rotates? |
| Governance | External Scanner | ENVFORGE_EXTERNAL_SCANNER | Delegate to ggshield 500+ detectors |

Beyond AI safety

A complete environment variable manager with 90+ commands.

🔒 Encrypted Sync

Git-based cross-machine sync with age encryption. Selective keys, machine overrides, rollback. Offline-first.

🔑 13 Secret Providers

Vault, AWS SSM, 1Password, Doppler, Infisical, GCP, Azure, Bitwarden, Akeyless, Conjur, SOPS, pass/gopass, Keeper. Pull, push, reference.

📄 Schema Validation

.env.schema with types, defaults, descriptions. Drift detection. JSON Schema for editor autocomplete. Docs generation.

💻 TUI + CLI

Vim-style TUI with fuzzy search, grouping, masking. 90+ CLI commands with --json and --dry-run. Shell completions.

📦 8 Export Formats

dotenv, JSON, YAML, TOML, Docker, Docker Secrets, Kubernetes Secret, Terraform tfvars.

Smart Workflows

Profiles, snapshots, rotation with propagation, shell auto-load, secure sharing, unified health check.

Run with maximum protection

Secrets in memory. Logs redacted. Leases enforced. Nothing leaks.

# Secrets in memory only + log redaction
$ envforge run --volatile --redact -- npm start
  Volatile mode: secrets resolved in memory only
  Connecting to [REDACTED:DB_PASSWORD]@host...
  Server running on port 3000

# Time-bounded access with credential proxy
$ envforge lease create --ttl 1h --keys DB_URL,API_KEY
  Lease created: session-143052
  Expires: 2026-04-20T21:00:00Z
  Keys: DB_URL, API_KEY

$ envforge proxy --port 8100 --require-lease
  Credential proxy on http://127.0.0.1:8100
  Lease enforcement: ON

# Emergency: revoke all access instantly
$ envforge revoke --all
  KILLSWITCH: 3 lease(s) revoked.
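
An added example, not EnvForge's implementation, of the log redaction shown in the first command above: the child's output is read line by line and each known secret value is replaced with [REDACTED:NAME]. The function names, the minimum-length cutoff, passing secrets through the child's environment and the sample secrets are assumptions of this example.

```python
import os
import re
import subprocess
import sys

MIN_LEN = 4  # assumption: shorter values would mask ordinary words in logs


def build_redactor(secrets):
    """secrets maps NAME -> value; returns a function that masks values in text."""
    names = {value: name for name, value in secrets.items() if len(value) >= MIN_LEN}
    if not names:
        return lambda text: text
    # Longest first: when one value is a prefix of another, the longer one wins
    # and no tail of it is left in the output.
    ordered = sorted(names, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(v) for v in ordered))
    return lambda text: pattern.sub(lambda m: f"[REDACTED:{names[m.group(0)]}]", text)


def run_redacted(argv, secrets):
    """Run argv with secrets in its environment; return (exit code, masked lines)."""
    redact = build_redactor(secrets)
    proc = subprocess.Popen(argv, env={**os.environ, **secrets},
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                            text=True)
    lines = [redact(line.rstrip("\n")) for line in proc.stdout]
    return proc.wait(), lines


# Constructed secrets and a stand-in child process that logs one of them.
SECRETS = {"DB_PASSWORD": "constructed-pw-7f3a", "API_KEY": "constructed-key-91c2"}
CHILD = [sys.executable, "-c",
         "import os; print('Connecting to ' + os.environ['DB_PASSWORD'] + '@host...')"]

if __name__ == "__main__":
    code, lines = run_redacted(CHILD, SECRETS)
    print("\n".join(lines), f"(exit {code})")
```

Exact-match masking misses a secret the child prints in another encoding (base64, URL-encoded) or split across two lines, so redaction complements keeping secrets out of logs rather than replacing it.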

Git-native privacy

Everything versioned. Everything encrypted. Nothing leaks into your repo.

🔓 Encrypted Sync

Age (X25519) encrypted snapshots pushed to any Git remote. Auto-decrypt on pull. Your env vars are ciphertext in the repo — only your machines can read them.

📈 Git Merge Driver

Semantic three-way merge for .env files. Different keys auto-merged. Same key, different values → clean conflict markers. envforge git install-merge-driver

🔍 Secret Scanning

Scan source code and staged files for leaked secrets. Pre-commit hook blocks commits. MCP config scanning for AI tool credentials.

📝 Audit Trail

Full change history from sync Git log. SOC2 compliance reports. Chain of custody tracking. Tamper-evident logs with cryptographic integrity verification. envforge audit-trail report --report-type compliance

Integrations

Plugs into your existing stack. No migration required.

☁️ Secret Providers

Pull and push secrets from 13 providers. Configure once, use everywhere. URI refs: vault://secret/myapp/DB_URL

HashiCorp Vault · AWS SSM · 1Password · Doppler · Infisical · GCP Secret Manager · Azure Key Vault · Bitwarden · Akeyless · CyberArk Conjur · Mozilla SOPS · pass/gopass · Keeper

⚙️ CI/CD

Official GitHub Action with 5 modes: validate, secrets-pull, export, run, drift. Works in any CI pipeline via envforge run.

GitHub Actions · GitLab CI · CircleCI · Jenkins · Any CI with shell

📂 Shell Integration

direnv-style auto-load. Profile switches without shell restart. Completions for zsh, bash, fish.

eval "$(envforge hook zsh)" · eval "$(envforge hook bash)" · envforge hook fish | source

📦 Export Anywhere

8 formats. One command. Feed your secrets into any infrastructure tool.

.env · JSON · YAML · TOML · Docker · Docker Secrets · Kubernetes Secret · Terraform tfvars

💻 IDE Extensions

Built-in LSP server. Diagnostics, hover, completions, go-to-definition in your editor. Variables panel with grouping and profile switching.

VS Code · IntelliJ IDEA · Neovim · Helix · Sublime Text

Built for developers

Every workflow thought through. Every edge case handled.

🔎 Explain

X-ray view of any key. Source file, line number, profile, schema type, encryption status, sync marking, secret age — all in one command. envforge explain KEY

🔄 Secret Rotation

Guided interactive rotation. Masked input. Auto-resets age. Pushes to provider and sync with --propagate. Bulk rotate stale secrets with --stale.

📷 Snapshots

Backup and restore your entire env state. Diff against previous snapshots. Auto-prune to 20. Safety net before any risky change.

🩹 Unified Check

One command runs doctor + validate + scan + age + drift. Fix hints for every failure. --only for selective checks. --json for CI.

👥 Secure Sharing

Age-encrypted share files. Recipient decrypts with their key. Optional expiry. envforge share create --recipient age1... --all

🛠 Multi-Profile

Dev, staging, prod — switch instantly. Merge multiple profiles: envforge run --profiles dev,staging. Last wins. Compare with profile diff.

How EnvForge compares

The only tool with comprehensive AI safety AND full env management.

| Feature | EnvForge | ggshield | dotenvx | Infisical | Doppler | Varlock |
|---|---|---|---|---|---|---|
| AI safety tools | 22 | 3 | 2 | 1 | 0 | 7 |
Pre-tool scanning
Canary secrets
Session leases + killswitch
MCP config harden
Volatile mode (no disk)
Dependency mapping
Full env management
TUI interface
13 secret providers
Encrypted sync
Free & open source: Partial
Zero cloud dependency

Start protecting your secrets

Rust 1.75+ required. Linux and macOS.

$ cargo install env-forge-tui

Or build from source: git clone https://github.com/emreerinc/envforge && cd envforge && cargo install --path .

Then set up shell completions and man pages:

# Shell completions (auto-install)
$ envforge completions zsh --install
$ envforge completions bash --install
$ envforge completions fish --install

# Kiro CLI / Fig / Amazon Q autocomplete
$ envforge completions kiro --install
$ kiro-cli restart

# Built-in man pages
$ envforge man           # full command index
$ envforge man fence     # specific command