DotEnv Studio — .env Generator, API Keys & Secret Scanner

About

Turn messy API documentation into a clean, ready-to-use .env file — without ever leaking a real secret.

DotEnv Studio is a privacy-first developer tool that reads the API docs page you're on, finds every environment variable and API key you need, generates a safe .env.example, and scans for exposed secrets — all 100% locally in your browser. No backend. No AI. No tracking. No data ever leaves your machine.

Built for developers and AI builders shipping SaaS apps, Chrome extensions, mobile apps, and integrations with top AI LLM's and databases

━━━━━━━━━━━━━━━━━━━━━━━━
WHAT IT DOES
━━━━━━━━━━━━━━━━━━━━━━━━

⌖ AUDIT ANY API DOCS IN ONE CLICK
Open a docs page, click once, and DotEnv Studio extracts required environment variables, API key names, OAuth client IDs/secrets, webhook signing secrets, SDK install commands, required scopes, callback URLs, and the authentication method.
⌗ GENERATE A SAFE .env.example INSTANTLY
Get a clean, grouped, commented .env file with every variable you need — values left blank, server-only keys clearly marked. Copy or download in one click. Toggle comments and grouping to taste.

🛡 SCAN FOR EXPOSED SECRETS
Detects real-looking API keys (OpenAI sk-…, Stripe sk_live_…, GitHub ghp_…, JWTs, and more), masks them, and guarantees they're NEVER written into exports or prompts. Flags the dangerous mistakes: secrets under NEXT_PUBLIC_/VITE_ prefixes and service-role keys exposed to the client.

✦ SAFE CLAUDE / CODEX PROMPTS
Generate a ready-to-paste implementation prompt for AI coding assistants — with required variables as placeholders only. Real keys are redacted automatically, every time.

⚙ FRAMEWORK-AWARE OUTPUT
Tailored setup for Next.js, Vite + React, Node/Express, Supabase Edge Functions, Cloudflare Workers, Chrome Extension MV3, WordPress, Laravel, and FastAPI — env file location, client/server rules, folder structure, and integration + testing checklists.

📊 SECURITY SCORE
Every audit gets an A–F grade with the exact factors that moved it, so you fix the right things before you ship.

🔎 ANALYZE YOUR LOCAL PROJECT
Point it at your project folder and it reads package.json, .env files, source, and manifest.json — locally — to find missing credentials, env vars used but never declared, committed secrets, and Chrome MV3 compliance issues.

📁 PROJECTS, HISTORY & EXPORT
Organize providers into projects, tag them, track status (planned → tested), merge a whole project into one .env.example, and export .env.example, SETUP.md, 

SECURITY_CHECKLIST.md, a team HANDOFF.md, JSON, or a copy-ready prompt. Full local backup & restore.