• placebo@lemmy.zip
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    4 days ago

    As well as storing production credentials in plain text in an .env file.

    • The_Decryptor@aussie.zone
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 days ago

      .env files are wild to me, environment variables have never been a good way to pass data to applications, let alone secret data.

      So the solution people came up with was to store them in plain text next to the binary, and then have a loader apply them before running the main app.

      • Dave.@aussie.zone
        link
        fedilink
        arrow-up
        3
        ·
        3 days ago

        But they needed those .env files to transplant an entire software stack from the developer’s laptop into production in a reproducible manner! How else were they ever going to get software into prod? By good documentation, broad version requirements, and following the Robustness Principle? Ha! How are you supposed to move fast and break things then?

      • placebo@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        3 days ago

        The data isn’t supposed to be secret, I think. We use .env files to store creds required for development, like a connection url for my local database. Production apps don’t use .env files at all.