Skip to content
varsafe
Esc
navigateopen⌘Jpreview
On this page

Dashboard Guide

The varsafe dashboard is a supporting interface for management tasks. Day-to-day secret injection happens through the CLI.

Dashboard vs CLI

Use the dashboard for:

  • Creating and managing teams
  • Inviting team members
  • Managing secrets (bulk import, rotation, diff)
  • Environment management
  • API token management
  • Viewing audit logs
  • Security settings (2FA, passkeys)
  • Billing and subscriptions

Use the CLI for:

  • Injecting secrets into applications
  • Exporting secrets
  • Day-to-day developer workflow
  • CI/CD integration

Dashboard overview

The dashboard has these main sections:

Section Purpose
Dashboard Overview of teams, projects, and recent activity
Secrets View and manage secrets by project/environment
Teams Manage teams, members, and projects
API Tokens Create and manage tokens for CI/CD and automation
Profile Account settings, security, and sessions
Audit Log Activity history and compliance exports
Billing Subscription and payment management
MCP Review and revoke AI agent connections

Secrets Management

Secrets page

Viewing Secrets

  1. Navigate to Secrets
  2. Select a project from the dropdown
  3. Choose an environment tab (Development/Staging/Production/Custom)

Secrets display:

  • Key name
  • Version number
  • Last updated date
  • Masked value (click eye icon to reveal)

Adding Secrets

Single Secret

  1. Click Add secrets
  2. Select Single mode
  3. Enter key (automatically uppercased)
  4. Enter value
  5. Click Add

Bulk Import

  1. Click Add secretsBulk
  2. Either:
    • Drag and drop a .env or .json file
    • Paste contents directly
  3. Review parsed secrets
  4. Click Add X secrets
DATABASE_URL=postgres://localhost/db
API_KEY=sk-1234567890
{
  "DATABASE_URL": "postgres://localhost/db",
  "API_KEY": "sk-1234567890"
}

Editing Secrets

  1. Click the edit icon next to a secret
  2. Modify the value
  3. Click Save

Each edit creates a new version. The previous value is preserved in history.

Deleting Secrets

  1. Click the delete icon next to a secret
  2. Confirm deletion

Bulk Delete

  1. Select multiple secrets using checkboxes
  2. Click Delete selected
  3. Confirm deletion

Bulk Edit

Edit multiple secrets at once:

  1. Click Bulk edit
  2. Modify keys and values in the editor
  3. Keys are automatically normalized to uppercase with underscores
  4. Duplicate keys are flagged and must be resolved before saving
  5. Click Save to apply all changes in one operation

Bulk edit handles renames and value changes together. If a key is renamed, the old key is removed and the new key is created.


Sync Suggestions

The sync suggestions panel helps you keep secrets consistent across environments. It detects secrets that exist in other environments but are missing from the currently selected one.

  1. In the Secrets page, look for the Sync suggestions panel
  2. Suggestions are grouped by source environment with color-coded badges
  3. For each missing secret you can:
    • Click Add to copy it to the current environment
    • Click Edit & Add to modify the value before adding
  4. Click Add all on an environment group to copy all its missing secrets at once

Environment Diff

Compare secrets across environments to find discrepancies:

  1. In the Secrets page, click Diff
  2. Select source and target environments
  3. View differences:
    • Only in source — Keys missing in target
    • Only in target — Keys missing in source
    • Different values — Keys with different values

Secret History & Rollback

Every edit creates a new version, and rollback works at two levels: a single secret, or the whole environment.

Single Secret

  1. Open a secret’s row actions and click History to see its version history
  2. Each entry shows the version, who changed it, and when
  3. Click Restore on a previous version and confirm — the value is restored as a new version

Whole Environment

  1. In the Secrets page, click History to see all operations for the current environment (creates, updates, deletes — with actor and timestamp)
  2. Click Rollback next to an operation
  3. Preview what will change:
    • Secrets to be deleted
    • Secrets to be restored
    • Secrets to be reverted to previous versions
  4. Confirm the rollback

Secret Rotation

Rotate secrets with preview mode to ensure safe propagation:

  1. Open a secret’s row actions and click Rotate
  2. Either:
    • Let varsafe auto-generate a new value
    • Enter a new value manually
  3. Preview the change
  4. Confirm rotation

The old value becomes immediately invalid. The next varsafe run or varsafe export receives the new value.


Environment Management

Default Environments

Every project comes with three environments:

  • Development — Local development
  • Staging — Pre-production testing
  • Production — Live systems (protected by default)

Creating Custom Environments

  1. Go to your project settings
  2. Click Add environment
  3. Enter name and slug
  4. Choose a color for visual identification
  5. Set protection status
  6. Click Create

Protected Environments

When an environment is marked as protected:

  • Owner / Admin — read/write access
  • Developer / Operator — read-only access
  • Viewer / Billing — no access

To protect an environment:

  1. Go to environment settings
  2. Toggle Protected on
  3. Save changes

Duplicating an Environment

Duplicate an existing environment to create a copy with all its secrets:

  1. Go to your project’s environment list
  2. Click the Duplicate button next to an environment
  3. In the modal, enter:
    • Name — The new environment name
    • Slug — URL-safe identifier
    • Color — Visual identifier for the environment
    • Protected — Whether the new environment should be protected
  4. Click Duplicate

All secrets from the source environment are copied to the new one. Changes to the new environment do not affect the original.

Deleting Environments

  1. Go to environment settings
  2. Click Delete environment
  3. Confirm deletion (this is permanent)

Team Management

Teams page

Creating a Team

  1. Navigate to Teams
  2. Click Create team
  3. Enter team name
  4. Click Create

Creating a Project

  1. Navigate to Teams
  2. Click Add project
  3. Select the owning team
  4. Enter project name (match your repository name)
  5. Click Create

Inviting Members

  1. Expand a team by clicking it
  2. Click Invite member
  3. Enter their email address
  4. Select a role:
    • Admin — Manage members and all secrets in all environments
    • Developer — Read/write secrets in non-protected environments, read-only in protected
    • Operator — Read-only access to all environments including protected
    • Viewer — Read-only access to non-protected environments
    • Billing — Billing management only, no secret access
  5. Click Send invite

Changing Roles

  1. Expand a team
  2. Click the menu next to a member
  3. Select Change role
  4. Choose the new role

Deactivating Members

Deactivation soft-disables a member instead of removing them, preserving their audit history and making reactivation easy.

  1. Expand a team
  2. Click the menu next to a member
  3. Select Deactivate

Deactivated members:

  • Retain their role and audit history
  • Have a 7-day grace period where access is preserved
  • Cannot access secrets after the grace period
  • Do not count toward active member limits after grace period

To reactivate a member, click the menu and select Reactivate. The member regains full access immediately.

Removing Members

  1. Expand a team
  2. Click the menu next to a member
  3. Select Remove from team
  4. Confirm removal

Transferring Ownership

  1. Expand a team
  2. Click the menu next to a member
  3. Select Transfer ownership
  4. Confirm transfer

API Tokens

API tokens enable programmatic access for CI/CD pipelines and automation.

Creating a Token

  1. Go to API Tokens in the sidebar
  2. Select the team the token should belong to — tokens are scoped to a single team
  3. Click Create token
  4. Enter a descriptive name (e.g. the pipeline that will use it)
  5. Click Create
  6. Copy the token immediately — It won’t be shown again

Using Tokens

Set the VARSAFE_API_TOKEN environment variable (or VARSAFE_TOKEN as an alias):

export VARSAFE_API_TOKEN=vs_at_xxxxxxxxxxxxx
varsafe run -p my-api -e production -- ./deploy.sh

Or in CI/CD:

env:
  VARSAFE_API_TOKEN: ${{ secrets.VARSAFE_API_TOKEN }}

Rotating Tokens

  1. Click Rotate next to a token
  2. A new token is generated
  3. Copy the new token
  4. Update your CI/CD secrets

The old token is immediately invalidated.

Revoking Tokens

  1. Click Revoke next to a token
  2. Confirm revocation

The token stops working immediately.


Security Settings

Security settings

Two-Factor Authentication (2FA)

  1. Navigate to ProfileSecurity
  2. Click Enable 2FA
  3. Enter your password
  4. Scan the QR code with your authenticator app
  5. Enter the verification code
  6. Save your backup codes securely

Passkeys

Passkeys provide passwordless authentication using biometrics or security keys.

  1. Navigate to ProfileSecurity
  2. Click Add passkey
  3. Give it a name (e.g., “MacBook Pro Touch ID”)
  4. Follow your browser’s prompts
  5. Confirm with biometrics or security key

Session Management

View and manage active sessions:

  1. Navigate to ProfileSecurity
  2. See all active sessions with:
    • Device/browser info
    • IP address
    • Last active time
  3. Click Revoke to end a session immediately

Audit Log

Audit log

Viewing Activity

  1. Navigate to Audit Log
  2. Use filters:
    • Search by email, action, or target
    • Filter by action type
    • Filter by target type
    • Set date range

Understanding Events

Each event shows:

  • Action (e.g., “Created secret”, “Signed in”)
  • Actor (who performed the action)
  • Target (what was affected)
  • Source (dashboard, CLI, or API token)
  • Timestamp
  • IP address

Click an event to expand details.

Tracked Actions

Category Actions
Auth Login, logout, failed login, 2FA events, passkey events
Secrets Create, update, delete, access, export, rotate, rollback
Teams Create, update, invite, remove member, role change
Projects Create, update, delete
Environments Create, update, delete
Tokens Create, rotate, revoke

Exporting for Compliance

  1. Click Export dropdown
  2. Choose format:
    • CSV — General export
    • SOC 2 — Security audit trail
    • GDPR — Processing activities record
    • HIPAA — Access controls audit

Billing & Plans

Plans

Feature Developer (Free) Team
Team members 3 free, up to 25 Unlimited
Projects Unlimited Unlimited
Environments Unlimited Unlimited
Audit retention 7 days 90 days
Role-based access Developer only 6 roles
Price $0 + $6/extra user $15/user/month

Upgrading

  1. Navigate to Billing
  2. Click Upgrade to Team
  3. Start your 14-day free trial
  4. Add payment method before trial ends

Managing Subscription

  1. Navigate to Billing
  2. View current plan and usage
  3. Manage payment methods
  4. View invoice history