Skip to main content
Validation happens entirely on your device. Ghostable never sees your plaintext data or schema details, maintaining a true zero-knowledge design.

Configuration

All validation lives in the .ghostable directory:
Example
.ghostable/
  ghostable.yml
  schema.yaml
  schemas/
    production.yaml
    staging.yaml
    local.yaml
The global .ghostable/schema.yaml are for rules applies to all environments of this project. Any file under .ghostable/schemas/ will override rules for that specific environment. For example, rules placed inside .ghostable/schemas/production.yaml will only be applied to the production environment.
Use global rules for consistency across environments. Add overrides only when environments need stricter rules.

Schema Format

Each key represents an environment variable, followed by an array of rules.
schemal.yaml
APP_NAME:
  - required
  - string
  - max:255

APP_ENV:
  - required
  - in:local,staging,production

APP_DEBUG:
  - required
  - boolean

DATABASE_URL:
  - required
  - regex:^postgres://
Keep schemas in version control — they serve as your environment contract.

Supported Rules

Presence & Type
RuleDescription
requiredThe variable must be defined. Validation fails if missing.
nullableThe variable can be empty or null without triggering an error.
booleanAccepts values that can be interpreted as boolean (true, false, 1, 0).
integerMust be a whole number with no decimals.
numericMust be a number (integer or floating-point).
stringMust be a string value.
in:<values>Restricts value to a specific list, e.g. in:local,staging,production.
Format / Pattern
RuleDescription
urlMust be a valid URL (e.g., https://example.com).
emailMust be a valid email address.
regex:<pattern>Must match a regular expression. Example: regex:^v[0-9]+\\.[0-9]+$.
starts_with:<text>Value must begin with the given prefix (e.g., starts_with:sk_).
ends_with:<text>Value must end with the given suffix (e.g., ends_with:=).
Length / Range
RuleDescription
min:<n>Minimum allowed length (for strings) or value (for numbers).
max:<n>Maximum allowed length (for strings) or value (for numbers).

Usage

Validate your local environment before pushing or deploying: 
ghostable env:validate --env production
This command:
  • Loads .ghostable/schema.yaml
  • Merges any overrides from .ghostable/schemas/production.yaml
  • Validates your .env values against all defined rules
You’ll see friendly, human-readable errors, for example: 
 APP_KEY must start with "base64:"
 APP_DEBUG must be "false"