varsafe

Appearance

Dashboard Guide

The varsafe dashboard is a supporting interface for management tasks. Day-to-day secret injection happens through the CLI.

Dashboard vs CLI

Use the dashboard for:

  • Creating and managing teams
  • Inviting team members
  • Managing secrets (bulk import, rotation, diff)
  • Environment management
  • API token management
  • Viewing audit logs
  • Security settings (2FA, passkeys)
  • Billing and subscriptions

Use the CLI for:

  • Injecting secrets into applications
  • Exporting secrets
  • Day-to-day developer workflow
  • CI/CD integration

Dashboard overview

The dashboard has these main sections:

SectionPurpose
DashboardOverview of teams, projects, and recent activity
SecretsView and manage secrets by project/environment
TeamsManage teams, members, and projects
Audit LogActivity history and compliance exports
ProfileAccount settings, security, and sessions
BillingSubscription and payment management

Secrets Management

Secrets page

Viewing Secrets

  1. Navigate to Secrets
  2. Select a project from the dropdown
  3. Choose an environment tab (Development/Staging/Production/Custom)

Secrets display:

  • Key name
  • Version number
  • Last updated date
  • Masked value (click eye icon to reveal)

WARNING

Revealing a secret value is an audited action.

Adding Secrets

Single Secret

  1. Click Add secrets
  2. Select Single mode
  3. Enter key (automatically uppercased)
  4. Enter value
  5. Click Add

Key format

Must be uppercase letters, numbers, and underscores. Must start with a letter. Example: DATABASE_URL, API_KEY_V2.

Bulk Import

  1. Click Add secretsBulk
  2. Either:
    • Drag and drop a .env or .json file
    • Paste contents directly
  3. Review parsed secrets
  4. Click Add X secrets
env
DATABASE_URL=postgres://localhost/db
API_KEY=sk-1234567890
json
{
  "DATABASE_URL": "postgres://localhost/db",
  "API_KEY": "sk-1234567890"
}

Editing Secrets

  1. Click the edit icon next to a secret
  2. Modify the value
  3. Click Save

Each edit creates a new version. The previous value is preserved in history.

Deleting Secrets

  1. Click the delete icon next to a secret
  2. Confirm deletion

INFO

Deleted secrets can be restored via rollback.

Bulk Delete

  1. Select multiple secrets using checkboxes
  2. Click Delete selected
  3. Confirm deletion

Bulk Edit

Edit multiple secrets at once:

  1. Click Bulk edit
  2. Modify keys and values in the editor
  3. Keys are automatically normalized to uppercase with underscores
  4. Duplicate keys are flagged and must be resolved before saving
  5. Click Save to apply all changes in one operation

Bulk edit handles renames and value changes together. If a key is renamed, the old key is removed and the new key is created.

Sync Suggestions

The sync suggestions panel helps you keep secrets consistent across environments. It detects secrets that exist in other environments but are missing from the currently selected one.

  1. In the Secrets page, look for the Sync suggestions panel
  2. Suggestions are grouped by source environment with color-coded badges
  3. For each missing secret you can:
    • Click Add to copy it to the current environment
    • Click Edit & Add to modify the value before adding
  4. Click Add all on an environment group to copy all its missing secrets at once

TIP

Run sync suggestions after creating a new environment or before deploying to catch missing configuration.

Environment Diff

Compare secrets across environments to find discrepancies:

  1. In the Secrets page, click Diff
  2. Select source and target environments
  3. View differences:
    • Only in source — Keys missing in target
    • Only in target — Keys missing in source
    • Different values — Keys with different values

TIP

Use diff before deploying to catch missing or inconsistent secrets between environments.

Secret History & Rollback

Viewing History

  1. In the Secrets page, click History
  2. See all operations for the current environment:
    • Create, update, delete operations
    • Who made the change
    • When it happened

Rolling Back

  1. Click Rollback next to an operation
  2. Preview what will change:
    • Secrets to be deleted
    • Secrets to be restored
    • Secrets to be reverted to previous versions
  3. Confirm the rollback

WARNING

Rollback restores the environment to its state before that operation. Review the preview carefully.

Secret Rotation

Rotate secrets with preview mode to ensure safe propagation:

  1. Click the rotate icon next to a secret
  2. Either:
    • Let varsafe auto-generate a new value
    • Enter a new value manually
  3. Preview the change
  4. Confirm rotation

The old value becomes immediately invalid. New inject commands receive the new value.

Environment Management

Default Environments

Every project comes with three environments:

  • Development — Local development
  • Staging — Pre-production testing
  • Production — Live systems (protected by default)

Creating Custom Environments

  1. Go to your project settings
  2. Click Add environment
  3. Enter name and slug
  4. Choose a color for visual identification
  5. Set protection status
  6. Click Create

Protected Environments

When an environment is marked as protected:

  • Owner / Admin — read/write access
  • Developer / Operator — read-only access
  • Viewer / Billing — no access

To protect an environment:

  1. Go to environment settings
  2. Toggle Protected on
  3. Save changes

Duplicating an Environment

Duplicate an existing environment to create a copy with all its secrets:

  1. Go to your project's environment list
  2. Click the Duplicate button next to an environment
  3. In the modal, enter:
    • Name — The new environment name
    • Slug — URL-safe identifier
    • Color — Visual identifier for the environment
    • Protected — Whether the new environment should be protected
  4. Click Duplicate

All secrets from the source environment are copied to the new one. Changes to the new environment do not affect the original.

TIP

Duplicating is useful for creating feature-specific environments (e.g., duplicate staging to feature-x) or setting up new deployment targets with the same configuration.

Deleting Environments

  1. Go to environment settings
  2. Click Delete environment
  3. Confirm deletion (this is permanent)

DANGER

Deleting an environment removes all its secrets permanently. This cannot be undone.

Team Management

Teams page

Creating a Team

  1. Navigate to Teams
  2. Click Create team
  3. Enter team name
  4. Click Create

Creating a Project

  1. Navigate to Teams
  2. Click Add project
  3. Select the owning team
  4. Enter project name (match your repository name)
  5. Click Create

Inviting Members

  1. Expand a team by clicking it
  2. Click Invite member
  3. Enter their email address
  4. Select a role:
    • Admin — Manage members and all secrets in all environments
    • Developer — Read/write secrets in non-protected environments, read-only in protected
    • Operator — Read-only access to all environments including protected
    • Viewer — Read-only access to non-protected environments
    • Billing — Billing management only, no secret access
  5. Click Send invite

INFO

Invitations expire after a set period. The invitee receives an email with a link to accept.

Changing Roles

  1. Expand a team
  2. Click the ... menu next to a member
  3. Select Change role
  4. Choose the new role

Deactivating Members

Deactivation soft-disables a member instead of removing them, preserving their audit history and making reactivation easy.

  1. Expand a team
  2. Click the ... menu next to a member
  3. Select Deactivate

Deactivated members:

  • Retain their role and audit history
  • Have a 7-day grace period where access is preserved
  • Cannot access secrets after the grace period
  • Do not count toward active member limits after grace period

To reactivate a member, click the ... menu and select Reactivate. The member regains full access immediately.

INFO

Owners cannot be deactivated. Transfer ownership first if needed.

Removing Members

  1. Expand a team
  2. Click the ... menu next to a member
  3. Select Remove from team
  4. Confirm removal

Transferring Ownership

  1. Expand a team
  2. Click the ... menu next to a member
  3. Select Transfer ownership
  4. Confirm transfer

WARNING

Only one owner per team. The current owner becomes an admin after transfer.

API Tokens

API tokens enable programmatic access for CI/CD pipelines and automation.

Creating a Token

  1. Go to your team settings
  2. Navigate to API Tokens
  3. Click Create token
  4. Enter a descriptive name
  5. Click Create
  6. Copy the token immediately — It won't be shown again

Using Tokens

Set the VARSAFE_API_TOKEN environment variable (or VARSAFE_TOKEN as an alias):

bash
export VARSAFE_API_TOKEN=vs_at_xxxxxxxxxxxxx
varsafe run -p my-api -e production -- ./deploy.sh

Or in CI/CD:

yaml
env:
  VARSAFE_API_TOKEN: ${{ secrets.VARSAFE_API_TOKEN }}

Rotating Tokens

  1. Click Rotate next to a token
  2. A new token is generated
  3. Copy the new token
  4. Update your CI/CD secrets

The old token is immediately invalidated.

Revoking Tokens

  1. Click Revoke next to a token
  2. Confirm revocation

The token stops working immediately.

Security Settings

Security settings

Two-Factor Authentication (2FA)

  1. Navigate to ProfileSecurity
  2. Click Enable 2FA
  3. Enter your password
  4. Scan the QR code with your authenticator app
  5. Enter the verification code
  6. Save your backup codes securely

Passkeys

Passkeys provide passwordless authentication using biometrics or security keys.

  1. Navigate to ProfileSecurity
  2. Click Add passkey
  3. Give it a name (e.g., "MacBook Pro Touch ID")
  4. Follow your browser's prompts
  5. Confirm with biometrics or security key

Session Management

View and manage active sessions:

  1. Navigate to ProfileSecurity
  2. See all active sessions with:
    • Device/browser info
    • IP address
    • Last active time
  3. Click Revoke to end a session immediately

Audit Log

Audit log

Viewing Activity

  1. Navigate to Audit Log
  2. Use filters:
    • Search by email, action, or target
    • Filter by action type
    • Filter by target type
    • Set date range

Understanding Events

Each event shows:

  • Action (e.g., "Created secret", "Signed in")
  • Actor (who performed the action)
  • Target (what was affected)
  • Source (dashboard, CLI, or API token)
  • Timestamp
  • IP address

Click an event to expand details.

Tracked Actions

CategoryActions
AuthLogin, logout, failed login, 2FA events, passkey events
SecretsCreate, update, delete, access, export, rotate, rollback
TeamsCreate, update, invite, remove member, role change
ProjectsCreate, update, delete
EnvironmentsCreate, update, delete
TokensCreate, rotate, revoke

Exporting for Compliance

  1. Click Export dropdown
  2. Choose format:
    • CSV — General export
    • SOC 2 — Security audit trail
    • GDPR — Processing activities record
    • HIPAA — Access controls audit
Billing & Plans

Plans

FeatureDeveloper (Free)Team
Team members3 free, up to 25Unlimited
ProjectsUnlimitedUnlimited
EnvironmentsUnlimitedUnlimited
Audit retention7 days90 days
Role-based accessDeveloper only6 roles
Price$0 + $6/extra user$15/user/month

Upgrading

  1. Navigate to Billing
  2. Click Upgrade to Team
  3. Start your 14-day free trial
  4. Add payment method before trial ends

Managing Subscription

  1. Navigate to Billing
  2. View current plan and usage
  3. Manage payment methods
  4. View invoice history

© 2026 varsafe. All rights reserved.