undefined | Better HN

0 pointsdigitaltrees11d ago0 comments

Dude, AI has been shown to execute queries on coworkers env files, extract master keys, decrypt variables and push to production.

0 comments

cpursley11d ago

Why are important push secrets in a dev env config? Btw humans devs make this same mistake all the time.

digitaltreesOP10d ago

umm lots of providers have cli tools: ‘heroku run rails db:drop —-app {name}’ railway, fly.io etc. so unless you don’t ever use their cli tools locally there’s a vector. Plus CI/CD might also have credentials to do things like run migrations.

cpursley10d ago

Well that’s a developer problem, then. We use fly but prod secrets are not saved locally.

1 more reply

j / k navigate · click thread line to collapse