What do you use instead???

falconertc · 2025-03-11T13:57:42 1741701462

Tools like direnv gets .env files out of repo paths and improves things a lot. You can integrate secrets management in code, but with that there's still no getting away with the assumption that some kind of auth mechanism exists in your env

prophesi · 2025-03-11T14:32:51 1741703571

Wouldn't direnv just mean it will now send up your .envrc file? I think what would work even better is combining direnv with pass[0] so that if it does get uploaded, it will be encrypted. ie:

export SECRET_KEY=$(pass work/secret_key)

[0] https://www.passwordstore.org/

threatofrain · 2025-03-11T13:58:44 1741701524

One might use a variation on the idea, like how 1Password does it. Everything in your .env is just a pointer so it's safe to commit.

withinboredom · 2025-03-13T21:46:28 1741902388

boring configuration files in ~/.config

anshumankmr · 2025-03-11T14:30:39 1741703439

hashicorp vault + launch.json on VSCode