https://warpcast.com/~/channel/devfc

Samuel ツ
@samuellhuber.eth
What do people use to manage .env variables across development teams? I'd love to securely sync .env files across all team members per branch so that no one has to worry about any .env values missing.
Do your own feature branch -> your own values, e.g. localhost & docker compose
develop branch -> test against dev
prod branch: managed via GitOps anyway. No need for your .env
7 replies
1 recast
14 reactions

Mo
@meb
I've used a .env.example in the past to at least have a sane list of which values I even need, along with non-sensitive smart defaults. For then populating this, I think some form of a script that could tap into a secrets manager, copy .env.example to a .env.local or .env.test would be the way to go
1 reply
0 recast
1 reaction

Samuel ツ
@samuellhuber.eth
yeah maybe an encrypted vault that then could go in repo? similar to Ansible Vault? or Kubernetes Sealed Secrets. .env.example has the issue that it isn't guaranteed to be the same as your .env unless you have a pre-commit hook for that D:
1 reply
0 recast
0 reaction

Mo
@meb
Out of principle, I wouldn't commit secrets to a repo, even if they are secured through encryption. The nice thing about a CLI script is you could passport through some other auth, then let it do the fetching. Bonus, if you do some secret rotation, you could just ask the team to all rerun the script again and refresh secrets.
1 reply
0 recast
1 reaction

Samuel ツ
@samuellhuber.eth
You don't commit secrets plainly. Though yeah even encrypted they'd be in history. For dev environments that may be fine
0 reply
0 recast
1 reaction
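
The two ideas from the thread, a script that fills a local env file from `.env.example` and a check that `.env` has not drifted from it, sketched as an added example that is not part of any post above. Assumptions: an empty value in `.env.example` marks a secret, and `fetch_secret` is a hypothetical callable standing in for whatever secrets-manager client the team uses.

```python
import os

# Constructed sample template: defaults are non-sensitive, empty values are secrets.
EXAMPLE = "# constructed sample\nAPI_URL=http://localhost:3000\nDB_PASSWORD=\nexport API_KEY=\n"

def parse_env(text):
    """Return {key: value} from dotenv-style text, skipping blanks and comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, value = line.partition("=")
        if sep:
            out[key.strip()] = value.strip().strip('"').strip("'")
    return out

def drift(example_text, env_text):
    """(keys missing from the env file, keys the template does not list)."""
    want, have = parse_env(example_text), parse_env(env_text)
    return sorted(want.keys() - have.keys()), sorted(have.keys() - want.keys())

def populate(example_text, fetch_secret, dest):
    """Write dest from the template; empty template values are fetched as secrets."""
    lines = []
    for key, default in parse_env(example_text).items():
        value = default if default else fetch_secret(key)
        if value is None:
            raise KeyError(f"no value available for {key}")
        lines.append(f"{key}={value}")
    # Values are resolved before the file is opened, so a failed fetch
    # never truncates an existing env file. Owner-only permissions.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(dest, 0o600)  # also tighten a pre-existing file
    return dest

def precommit_ok(example_text, env_text):
    """Pre-commit style gate: pass only when both files list the same keys."""
    missing, extra = drift(example_text, env_text)
    return not missing and not extra
```

Run `populate` again after a rotation to refresh values; `precommit_ok` compares key names only, so no secret value has to leave the developer's machine for the check.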