Nah, just use direnv instead, comrade.
this post was submitted on 15 Apr 2025
0 points (50.0% liked)
Programming
19656 readers
470 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 2 years ago
MODERATORS
Oh wow.
That looks like an overly complicated solution to a problem that doesn't exist. Synching stuff that is in git? Why not just use.... git? Also npm.... and the example has an env var named "DB_PASS" in it. You never put passwords in version control.
It is generally considered a bad idea to use envs for passing secrets in general since envs for process n are available to other processes which have access and permission.
Exactly, you never check passwords into version control. So what happens when you need to share those values with other team members? The github example is not to put a .env file into a repo but to add the secrets to github’s native secret manager, which is what products like actions use to read envs.
Environment variable abuse
Waiting for the leak announcements
The best way to manage environment variables: don't use environment variables.
What do you do instead for dynamic values that are needed at runtime and inappropriate to check in to version control?
I'd rather prefer CI-level variables (macros?) that are not exported to the environment. Unfortunately, most CI developers don't care about security.
Lmao, use Nix instead, or if that’s too complicated use DevBox.
Also, nobody with more than 0 brain cells will pay for this trash.