Skip to main content

DotVault Features Summary

This document provides a comprehensive overview of all features implemented in the DotVault application.

Implemented Features

Phase 1: Core Features

1. Browser Extension

  • Location: packages/browser-extension/
  • Features:
    • One-click secret injection into Vercel, Netlify, Railway, GitHub, Render, Heroku, AWS Amplify, Cloudflare Pages, Supabase
    • Auto-detection of environment variable fields
    • Floating action button on supported platforms
    • Secure communication with DotVault API
    • Chrome and Firefox support
  • Documentation: docs/BROWSER_EXTENSION.md

2. Import/Export

  • Location: src/lib/import-export.ts, src/app/api/projects/[projectId]/import/, src/app/api/projects/[projectId]/envs/[envId]/export/
  • Features:
    • Import from: .env, JSON, 1Password, HashiCorp Vault, AWS Secrets Manager, Doppler, Vercel, Netlify
    • Export to: .env, JSON, CSV, YAML
    • Auto-detection of import formats
    • Validation and sanitization
    • Dry-run preview
  • Documentation: docs/IMPORT_EXPORT.md

3. Secret Templates

  • Location: src/lib/secret-templates.ts
  • Features:
    • 15+ pre-built templates (AWS, Stripe, Twilio, SendGrid, Slack, GitHub, JWT, OpenAI, Firebase, Supabase, Redis, Sentry, Database)
    • Validation patterns for each field
    • Auto-detection from keys
    • Custom template support
  • Documentation: docs/SECRET_TEMPLATES.md

4. Version History

  • Location: src/lib/db/schema.ts (projectEnvVersion table), src/lib/audit.ts
  • Features:
    • Automatic versioning on every change
    • Diff comparison between versions
    • Rollback to any previous version
    • Metadata tracking (who, when, why)
  • Documentation: docs/VERSION_HISTORY.md

5. Audit Logs

  • Location: src/lib/db/schema.ts (auditLog table), src/lib/audit.ts
  • Features:
    • Comprehensive action logging
    • IP address and user agent tracking
    • Export capabilities (JSON, CSV, PDF)
    • Real-time streaming (WebSocket)
    • SIEM integration support
  • Documentation: docs/AUDIT_LOGS.md

Phase 2: Security & Access Control

6. Access Requests

  • Location: src/lib/access-requests.ts, src/lib/db/schema.ts (accessRequest table)
  • Features:
    • Temporary elevated access requests
    • Configurable duration (1-24 hours)
    • Email notifications with approval links
    • Automatic expiration
    • Audit trail
  • Documentation: docs/ACCESS_REQUESTS.md

7. Break-Glass Emergency Access

  • Location: src/lib/break-glass.ts, src/lib/db/schema.ts (emergencyAccess table)
  • Features:
    • Two-approver requirement
    • Emergency types (owner unavailable, critical incident, other)
    • 2-4 hour access windows
    • Enhanced audit logging
    • Post-emergency reporting
  • Documentation: docs/BREAK_GLASS.md

8. Notifications (Slack/Discord)

  • Location: src/lib/notifications.ts, src/lib/db/schema.ts (webhookConfig table)
  • Features:
    • Slack webhook integration
    • Discord webhook integration
    • Generic webhook support
    • Event filtering
    • Signature verification
    • Delivery retry logic
  • Documentation: docs/NOTIFICATIONS.md

9. IP Allowlisting

  • Location: src/lib/ip-allowlist.ts
  • Features:
    • CIDR range support
    • Individual IP support
    • IPv4 and IPv6 support
    • Common preset ranges
    • Clear error messages for blocked access
  • Documentation: docs/IP_ALLOWLIST.md

10. Two-Factor Authentication (2FA)

  • Location: src/lib/two-factor.ts, src/lib/db/schema.ts (user table)
  • Features:
    • TOTP support (Google Authenticator, Authy, etc.)
    • WebAuthn/Security Key support
    • Backup codes generation
    • Organization-wide 2FA enforcement
  • Documentation: docs/2FA.md

Phase 3: Automation & Integration

11. Secret Rotation

  • Location: src/lib/secret-rotation.ts, src/lib/db/schema.ts (secretRotation table)
  • Features:
    • AWS IAM key rotation
    • Stripe API key rotation
    • Custom webhook rotation
    • Configurable intervals (7-365 days)
    • Automatic and manual rotation
    • Rotation history
  • Documentation: docs/SECRET_ROTATION.md

12. Environment Sync

  • Location: src/lib/env-sync.ts, src/lib/db/schema.ts (envSyncConfig, envSyncApproval tables)
  • Features:
    • Staging → Production promotion
    • Approval gates
    • Diff preview
    • Manual and automatic sync modes
    • Pull request mode
    • Rollback support
  • Documentation: docs/ENV_SYNC.md

13. CI/CD Integration

  • Location: src/lib/cicd-integration.ts
  • Features:
    • GitHub Actions support
    • GitLab CI support
    • CircleCI support
    • Jenkins support
    • Azure DevOps support
    • Travis CI support
    • Workflow generation
    • Docker Compose generation
    • Kubernetes deployment generation
  • Documentation: docs/CICD_INTEGRATION.md

14. GitHub Integration

  • Location: src/app/api/github/, src/lib/github.ts
  • Features:
    • GitHub App integration
    • Repository secrets sync
    • Pull request creation
    • Secret scanning
    • Deployment protection
    • Actions workflow integration
  • Documentation: docs/GITHUB_INTEGRATION.md

Phase 4: Enterprise & Scale

15. Self-Hosted Deployment

  • Location: docker-compose.yml, docs/SELF_HOSTED.md
  • Features:
    • Docker Compose setup
    • Kubernetes deployment
    • AWS ECS support
    • Google Cloud Run support
    • Azure Container Instances support
    • SSL/TLS configuration
    • Backup and recovery procedures
    • Monitoring setup
  • Documentation: docs/SELF_HOSTED.md

16. API & Webhooks

  • Location: src/lib/api-keys.ts, src/app/api/, docs/API_WEBHOOKS.md
  • Features:
    • RESTful API
    • API key authentication
    • OAuth 2.0 support
    • Rate limiting
    • Webhook system
    • SDK support (JavaScript, Python, Go)
    • Signature verification
  • Documentation: docs/API_WEBHOOKS.md

17. Secret Analytics

  • Location: src/lib/secret-analytics.ts
  • Features:
    • Security scoring (A-F grade)
    • Weak secret detection
    • Duplicate value detection
    • Hardcoded URL detection
    • Embedded secret detection
    • Usage metrics
    • Compliance reporting
  • Documentation: docs/SECRET_ANALYTICS.md

18. Team Workspaces

  • Location: src/lib/workspaces.ts, src/lib/db/schema.ts (workspace, workspaceMember, workspaceProject tables)
  • Features:
    • Multi-project workspaces
    • Role-based access (owner, admin, member)
    • SAML 2.0 SSO (Okta, Azure AD, etc.)
    • OIDC SSO (Google Workspace, Auth0, etc.)
    • Consolidated billing
    • Organization-wide policies
  • Documentation: docs/TEAM_WORKSPACES.md

19. CLI Tool (@lucerowb/dot-vault, command dv)

  • Location: packages/cli/
  • Shipped today: sign-in, list/create projects, list/pull/push/rename/delete envs, interactive session, setup wizard, shell completion
  • Web / API for: sharing, rotation, team access, import-export at scale
  • Documentation: packages/cli/README.md, docs/CLI.md

Database Schema

All features are supported by a comprehensive database schema defined in src/lib/db/schema.ts:

Core Tables

  • user - User accounts with 2FA support
  • session - Session management
  • account - OAuth accounts
  • verification - Email verification codes

Project Tables

  • project - Projects with IP allowlisting and 2FA requirements
  • projectEnv - Environment variables (encrypted)
  • projectMember - Project collaborators
  • projectInvitation - Pending invitations

Audit & Versioning

  • projectEnvVersion - Version history
  • auditLog - Comprehensive audit trail

Access Control

  • accessRequest - Temporary access requests
  • emergencyAccess - Break-glass emergency access

Automation

  • webhookConfig - Notification webhooks
  • secretRotation - Rotation schedules
  • envSyncConfig - Environment sync rules
  • envSyncApproval - Sync approvals

Enterprise

  • apiKey - API key management
  • workspace - Team workspaces
  • workspaceMember - Workspace membership
  • workspaceProject - Workspace project associations

Documentation

All features are documented in the docs/ directory:

  1. CLI.md - Command-line interface
  2. VERSION_HISTORY.md - Version control and rollback
  3. AUDIT_LOGS.md - Audit logging system
  4. GITHUB_INTEGRATION.md - GitHub integration
  5. BROWSER_EXTENSION.md - Browser extension
  6. SECRET_TEMPLATES.md - Secret templates
  7. ACCESS_REQUESTS.md - Access request system
  8. BREAK_GLASS.md - Emergency access
  9. NOTIFICATIONS.md - Webhook notifications
  10. IP_ALLOWLIST.md - IP access control
  11. 2FA.md - Two-factor authentication
  12. SECRET_ROTATION.md - Automatic rotation
  13. ENV_SYNC.md - Environment synchronization
  14. CICD_INTEGRATION.md - CI/CD integration
  15. SELF_HOSTED.md - Self-hosted deployment
  16. API_WEBHOOKS.md - API and webhooks
  17. SECRET_ANALYTICS.md - Analytics and insights
  18. TEAM_WORKSPACES.md - Team workspaces
  19. IMPORT_EXPORT.md - Import and export
  20. MANUAL_STEPS.md - Manual setup instructions

Next Steps

To deploy and use these features:

  1. Review docs/MANUAL_STEPS.md for complete setup instructions
  2. Set up required environment variables
  3. Configure database and external services
  4. Deploy using Docker or your preferred method
  5. Configure features via web interface or CLI

Architecture

The application follows a modern architecture:

  • Frontend: Next.js 14 with App Router, React Server Components
  • Backend: Next.js API Routes, tRPC-ready structure
  • Database: PostgreSQL with Drizzle ORM
  • Authentication: Better Auth with multiple providers
  • Encryption: AES-256-GCM for secrets at rest
  • Caching: Redis support (optional)
  • Email: SMTP with multiple provider support

All features are production-ready with comprehensive error handling, validation, audit logging, and security controls.