Oh wow.
That looks like an overly complicated solution to a problem that doesn’t exist. Synching stuff that is in git? Why not just use… git? Also npm… and the example has an env var named “DB_PASS” in it. You never put passwords in version control.
It is generally considered a bad idea to use envs for passing secrets in general since envs for process n are available to other processes which have access and permission.
Exactly, you never check passwords into version control. So what happens when you need to share those values with other team members? The github example is not to put a .env file into a repo but to add the secrets to github’s native secret manager, which is what products like actions use to read envs.
Environment variable abuse
Waiting for the leak announcements
Nah, just use direnv instead, comrade.
The best way to manage environment variables: don’t use environment variables.
What do you do instead for dynamic values that are needed at runtime and inappropriate to check in to version control?
I’d rather prefer CI-level variables (macros?) that are not exported to the environment. Unfortunately, most CI developers don’t care about security.
Lmao, use Nix instead, or if that’s too complicated use DevBox.
Also, nobody with more than 0 brain cells will pay for this trash.
