Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities [email protected]
Oh wow.
That looks like an overly complicated solution to a problem that doesn't exist. Synching stuff that is in git? Why not just use.... git? Also npm.... and the example has an env var named "DB_PASS" in it. You never put passwords in version control.
It is generally considered a bad idea to use envs for passing secrets since envs for process n are available to other processes which have access and permission.
Exactly, you never check passwords into version control. So what happens when you need to share those values with other team members? The github example is not to put a .env file into a repo but to add the secrets to github’s native secret manager, which is what products like actions use to read envs.
Environment variable abuse
Waiting for the leak announcements
The best way to manage environment variables: don't use environment variables.
What do you do instead for dynamic values that are needed at runtime and inappropriate to check in to version control?
I'd rather prefer CI-level variables (macros?) that are not exported to the environment. Unfortunately, most CI developers don't care about security.
