Tony: I argue again for why we should reduce the practice of storing all environment variables in a .env file and move to a more sophisticated approach for managing them in local development. He says this article is intended for software development teams and not security and devops teams that already have this figured out.
Table of contents
Doing much better than your .env file
Don’t fix what’s not broken
Developers have unmet needs
While .env files prevent developers from hardcoding and committing environment variables to source control, they totally fail the reliability criteria.
Developers need to centralize their environment variable management
Developers just don’t know better
Developers would love secret managers, if only they were easy to use and trustworthy
That’s enough, show me your recommendation, gimme the code
Getting started
How do I trust a secret manager?
Conclusion