undefined | Better HN

0 pointspjjpo4mo ago0 comments

I think it's common to have dev not production secrets there, and am reading the blurb about production secrets as non-local secrets. Even dev keys are a pain if they get leaked.

The idea seems nice with a simple yet effective implementation. While I think I currently have a shell script syntax highlight plugin reading env files, it's definitely overkill. Now if only this could protect from random npm packages reading your env files...

0 comments

xinbenlv4mo ago

Thanks @pjjpo, exactly. My bad to confuse people, no we don't put real prod-prod credentials in .env. We use mechanisms to ensure separation of secrets. Thank you for saying that it's a simple yet effective implementation. If you try it and let us know your feedback.

dissent4mo ago

This implies there's some kind of shared resource out there on the network that your devs are developing on. Why not make all these resources part of your local dev stack, served on localhost, and use dummy credentials? You can even commit them because they're not sensitive.

pjjpoOP4mo ago

Ok ok, it is indeed keys to AI APIs. I know it's not kosher to admit to that on HN anymore but it's the reality for me at least. Unfortunately local models just can't support development of products using them.

j / k navigate · click thread line to collapse

0 comments

xinbenlv4mo ago

dissent4mo ago

pjjpoOP4mo ago

j / k navigate · click thread line to collapse