Dotenv: Difference between revisions
Jump to navigation
Jump to search
(Created page with "<!-- .env files are intended as an , that is easy to keep out of source management, that is specifically separate from any code Is it just like a config file? : Absolutely. Is it special in any way? : Not at all. Does it solve secret sprawl? : Nope. Is it still a good habit to put all your secrets in separate place that, out of being a common convention, you can recognize as "don't share this?" : Yup. https://github.com/motdotla/dotenv#readme https://...") |
mNo edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{#addbodyclass:tag_tech}} | |||
<!-- | <!-- | ||
.env files are intended | (not to be confused with [[direnv]] and its [[.envrc]]) | ||
that is easy to keep out of source management, | |||
'''{{inlinecode|.env}}''' files are intended to keep environment variables that parts of your project should pick up, | |||
that is easy to keep out of source management - that is, it is a name you can know shouldn't be there. | |||
Line 16: | Line 20: | ||
Does it solve [[secret sprawl]]? | Does it solve [[secret sprawl]]? | ||
: Nope. | : Nope. | ||
Does it help secrets stay secret? | |||
: Not at all. {{comment|(Hackers will have an ''slightly'' time, because you centralized all the secrets in one easy-to-identify place.)}} | |||
Is it still a | Is it still a decent habit? | ||
: Sure. | |||
:: it makes it much easier to not put secrets into code | |||
:: it makes it much easier to not accidentally share it (you can argue it should have been called ''secrets-do-not-share'' but eh...) | |||
Latest revision as of 13:00, 7 May 2024