Stop storing API keys and database passwords in plain text .env files. Learn how to use 1Password CLI to inject secrets at runtime for better security.

Filip Hric's blog provides insights into software engineering, web development, and technology trends. Readers can explore articles covering topics such as JavaScript frameworks, front-end development, and user interface design. Additionally, they can learn about software architecture patterns, best practices for building web applications, and optimizing web performance.

Filip Hric

AI coding assistants can inadvertently read sensitive credentials from .env files, creating security risks. Instead of storing secrets in plain text, use 1Password CLI to store references in .env files (like op://vault/item/field) and inject actual values at runtime with the op run command. This keeps secrets out of AI context windows and version control while maintaining a simple workflow. The setup involves installing 1Password CLI, connecting it to the desktop app, and updating .env files to use vault references instead of raw credentials.

Don’t let A.I. read your .env files