Environment variables (.env files) are a popular way to manage configuration and secrets in modern applications.
leaving these files unencrypted e...
For further actions, you may consider blocking this person and/or reporting abuse
Love seeing a simple tool like that instead of some huge system, sometimes all I want is not losing my API keys tbh - you think most people actually rotate their keys as much as theyre supposed to or nah?
Totally! I still see people commit their .env files right into the repoβrotating keys is the least of their worries :)
First of all, great article! Security nowadays should be one of the top concerns on every developer's mind. However, encrypting and decrypting the .env file takes time and planning, which is why very few developers actually do it.
Agreedβencrypting .env files takes effort, which is why many skip it. But that small step can save big trouble later.
dotenvx is a great simple solution.
For a more complete config toolkit, check out dmno.dev - it also does things like validation, coercion, type-safety, leak prevention, and more. It uses plugins to pull secrets from a variety of backends, like 1Password, encrypted files, etc.
Thanks! dmno.dev looks powerfulβappreciate the tip!
this is legit info, secrets in plain text always freak me out - you think most teams actually mess up key rotation or just get lazy with it over time
I've seen teams start strong, but over time, key rotation slips unless it's automated or enforced.
Thank you for helpful article. Using dotenvx to encrypt environment is a simple yet effective solution, and it's easy to intergrate into many process, In the past, a teammate accidentally commited a config file with sensitive data a public repo, and our company was alerted by AWS Security tools. Since then, I've realized how important it is to protect .env files. I'm planning to use dotenvx in our CI/CD pipeline - could you share more about how to set it up Jenkins or Gitlabs?
Thanks for sharing your experience and I'm glad you found the article helpful!
Your note about CI/CD integration is a great point, and it might just be the inspiration for my next post. Stay tuned! π
Loving dotenvx for encrypted env varsβsuper handy for team safety. Anyone else using it? How do you manage secrets?