Env-vault-mcp

Env-vault-mcp equips developers with tools to manage environment variables securely. Scan codebases via scan_env_usage, auto-generate typed .env.example files with generate_env_example, and detect git history leaks using detect_secret_leaks. Validate .env completeness, diff configurations, or generate Zod/Pydantic schemas in one server.

dev-tools
security
env-vars

Overview

Env-vault-mcp is a Model Context Protocol (MCP) server offering six tools to manage environment variables securely across codebases. Developers can scan for all env var usages with scan_env_usage, detect secrets in full Git history using detect_secret_leaks, and generate typed .env.example files via generate_env_example. The suite is aimed at preventing runtime crashes caused by missing variables and leaks caused by committed credentials.

Key Capabilities

Use scan_env_usage to identify every env var reference in Node.js (process.env), Python (os.getenv), PHP (env()), or shell ($VAR), with file paths, line numbers, and required/optional heuristics. validate_env_completeness cross-checks what the codebase needs against your .env file, flagging missing, empty, or unused vars and producing a completeness score for CI/CD. diff_environments compares configs from staging and production (e.g., Vercel exports), masking secrets while highlighting mismatches. generate_type_schema creates Zod, Pydantic, or Joi validators, inferring types from code patterns like parseInt().

Use Cases

Onboard new developers by running generate_env_example to produce a commented, grouped .env.example in .env, YAML, or JSON format tailored to your stack. Before deployments, run validate_env_completeness and diff_environments to confirm that production matches staging without exposing secrets. Audit repositories with detect_secret_leaks to pinpoint commits, across all branches, that match any of 60+ patterns such as AWS keys or OpenAI tokens.

Who This Is For

Full-stack developers maintaining polyglot repositories in JS/TS, Python, PHP, Ruby, or shell scripts. Engineering teams at startups or enterprises handling local dev, CI/CD pipelines, and cloud platforms like Vercel, Railway, or Render. Security-conscious contributors cleaning Git histories or enforcing type-safe env validation.

Updated Apr 8, 2026