Skip to content
claude-code-tools

env-safe — Safe .env Inspection

env-safe lets you inspect .env files without ever exposing the actual values of your environment variables. It is designed for Claude Code and other automated tools that need to work with environment files without accidentally leaking secrets.

Why env-safe Exists

Section titled “Why env-safe Exists”

The safety-hooks plugin blocks Claude Code from directly accessing .env files — no reading, writing, or editing is allowed. This prevents both accidental exposure of API keys and unintended modifications.

env-safe is the only approved way for Claude Code to inspect environment configuration safely. Any modifications to .env files must be done manually, outside of Claude Code.

Commands

Section titled “Commands”

env-safe list

Section titled “env-safe list”

List all environment variable keys defined in the .env file:

Terminal window
env-safe list

Example output:

DATABASE_URL
API_KEY
SECRET_TOKEN
DEBUG_MODE

Add the --status flag to see whether each variable is defined or empty:

Terminal window
env-safe list --status

Example output:

DATABASE_URL: defined
API_KEY: defined
SECRET_TOKEN: empty
DEBUG_MODE: defined

Key Features

Section titled “Key Features”

No Value Exposure

Never displays actual environment variable values. Only key names and defined/empty status are shown.

Safe Inspection

Check which keys exist and whether they have values, all without any security risk.

Syntax Validation

Verify that your .env file format is correct before you deploy or run your application.

Claude Code Integration

Works hand-in-hand with the safety-hooks plugin to provide a safe alternative to direct .env access.

Full Help

Section titled “Full Help”

For all available options:

Terminal window
env-safe --help