SovereignVariables is an in-browser environment variable manager and auditor built for Netlify and serverless developers. Document every var, catch missing keys, validate your Lambda payload size, generate .env templates, and plan key rotations — all privately in your browser. No data leaves your machine.
Free. No login. No secrets leave your browser. Part of the SOL developer stack →
Somewhere in your Netlify dashboard there's a key that hasn't been rotated in 8 months. Somewhere in your code a function is silently failing because a required var was never set. You probably don't know either.
A required env var that's not set doesn't throw a clear error at deploy time — your function boots and then fails at runtime, often with a cryptic message that takes hours to trace back to a missing key. SovereignVariables audits your manifest against expected vars before you hit production.
Netlify Functions run on AWS Lambda, which caps the total env var payload at 4,096 bytes. Add enough vars and your functions will fail to boot with a cryptic AWS error. SovereignVariables tracks your payload byte count in real time and warns you before you hit the wall.
API keys and secrets should rotate. In practice, they sit in a dashboard and nobody tracks how old they are. SovereignVariables lets you log the last rotation date for every key and flags ones that exceed your rotation policy — before a breach does it for you.
When you bring someone new onto a project — or return to one yourself after 6 months — nobody remembers what DEMONKEY is or why KEY_PEPPER can't be changed after keys are created. SovereignVariables documents every variable with purpose, type, and critical constraints.
SovereignVariables gives you a complete picture of your environment — what's set, what's missing, what's at risk, and what you need to document before the next developer joins.
Input your var manifest — required, optional, and deprecated keys. SovereignVariables runs an audit across the full list, marking each as Set, Missing, or Warning (old rotation date). The audit report shows your full config health at a glance before you touch production.
Track the byte size of your Netlify env var payload in real time. SovereignVariables counts the total bytes for all your current vars and displays a progress bar toward the 4,096-byte AWS Lambda limit. Know your margin, remove unused vars, and avoid a silent function boot failure.
For each var, add a plain-English description, type (string, boolean, URL, secret), required/optional flag, default value, and critical constraints. SovereignVariables generates a formatted documentation sheet for every key in your manifest — the reference that new team members actually need.
Log the last rotation date for each API key or secret. Set a rotation policy (e.g. 90 days for payment keys, 180 days for non-sensitive vars). SovereignVariables flags every key that's overdue for rotation with a warning indicator and optional export of the rotation schedule.
Export a clean .env.template file from your documented manifest — with every key listed, commented with its purpose and constraints, and placeholder values for required secrets. Drop it in the repo root as the onboarding reference. Update SovereignVariables and regenerate when vars change.
Tag any key as high-sensitivity (payment keys, encryption keys, admin passwords). SovereignVariables highlights these in the audit view, reminds you never to commit them, and includes a risk-level column in the exported documentation. Awareness before exposure.
Organize vars into groups — Governance, Security, AI/Inference, Database, Payments, Communications, Monitoring. The audit view filters by group so you can review just the payment keys, just the AI keys, or just the security secrets without scrolling through the full manifest.
Your env var names and documentation stay in your browser's localStorage. Nothing is transmitted to any server. No account required, no cloud sync, no SaaS risk. The entire audit and documentation workflow runs client-side. Secrets stay sovereign.
Generate a Netlify-specific checklist: which vars to set in the dashboard, which to keep out of the code, which are auto-injected by Netlify (like URL and DEPLOY_URL). The output is formatted for the Netlify Environment Variables UI — exactly the order and categories that make sense in the dashboard.
Four steps to full config sovereignty — know what you have, document what it does, and export what the team needs.
Add every env var your project uses. Mark each as required, optional, or deprecated. Flag high-sensitivity keys (payment keys, encryption keys, auth secrets). Organize vars into groups that match how your Netlify dashboard is structured. The manifest is stored locally — start from scratch or paste from an existing .env file for fast import.
Input which vars you currently have set (names only, no values), and SovereignVariables compares your manifest against the actual set. Missing required vars are flagged immediately. Vars over the rotation threshold show a warning. The payload size checker shows your total byte count and remaining margin against the 4 KB Lambda limit. The audit runs in your browser in under a second.
For each variable, fill in a purpose description, data type, default value (if any), rotation policy, and any critical constraints (like "KEY_PEPPER cannot be changed after keys are created — changing it orphans all existing hashed keys"). The documentation builder formats these entries into a human-readable reference sheet that survives in the repo and survives team turnover.
Export four artifacts: a .env.template for the repo (var names + descriptions, safe-to-commit); an audit report (what's set, missing, and at risk); a rotation schedule (which keys are overdue and when the next rotation is due); and a Netlify dashboard checklist (what to set where). Your config is now documented, audited, and operationally governed.
SovereignVariables is a free, offline-first env var manager for developers who want full visibility into their Netlify config — without uploading a single secret to any server. Document it. Audit it. Own it.
Free forever · No login · No data uploaded · Works offline · Part of the SOL dev stack