Oh wow.
That looks like an overly complicated solution to a problem that doesn’t exist. Synching stuff that is in git? Why not just use… git? Also npm… and the example has an env var named “DB_PASS” in it. You never put passwords in version control.
It is generally considered a bad idea to use envs for passing secrets in general since envs for process n are available to other processes which have access and permission.
Exactly, you never check passwords into version control. The github example is not to put a .env file into a repo but to add the secrets to github’s native secret manager, which is what actions use to read envs
Environment variable abuse
Waiting for the leak announcements
The best way to manage environment variables: don’t use environment variables.
What do you do instead for dynamic values that are needed at runtime and inappropriate to check in to version control?
I’d rather prefer CI-level variables (macros?) that are not exported to the environment. Unfortunately, most CI developers don’t care about security.
Nah, just use direnv instead, comrade.
deleted by creator
