We’ve all been there: that heart-stopping moment when you realize you’ve accidentally exposed sensitive information. Today, I’m sharing a personal story and introducing a tool that could save you from a similar nightmare.

The Nightmare Scenario

London, February 2019. I was about to release an infrastructure project I had been working on for two weeks. I used the client’s AWS master key for testing. Yes, I know, I’m cringing too 😬. I pushed the container to a public repo for “easier access.” 🤡 Within seconds, an email arrived, cc’ing the entire company leadership about a critical security breach in production. Cold sweat. Near-firing experience. Lessons learned the hard way.

The Common Pitfall

Many developers, especially those working on side projects or open-source repos, face a common dilemma: how do you store secrets locally in a way that is both secure and convenient? Is it enough to put them in clear text and add them to . The answer is a resounding no. A plaintext .env file is one careless `git add .` away from a public repository, and a value baked into a container image layer is readable by anyone who can pull that image, whether or not the file is later deleted. But the solution isn’t always clear.

Enter: dotenvx

Here’s where dotenvx comes in, a tool that could have saved me a world of pain. dotenvx is a “better .env” with three key features:
Getting Started with dotenvx

Installation is simple: `curl -sfS https://dotenvx.sh | sh`, or `brew install dotenvx` (I used Nix). As with any installer piped straight into a shell, download the script and read it first, or prefer a package manager that verifies what it installs.

Key Features:
Enhancing Security

While dotenvx is a great start, it’s not a silver bullet: encrypted values only protect you if the private key (which dotenvx keeps in .env.keys) stays out of the repository and out of the image. I recommend coupling it with security scanning tools like Snyk. These tools can help identify exposed secrets and other vulnerabilities in your project, but they report a leak after it has happened; a check that refuses to commit plaintext values is the cheaper first line of defence.

Multi-Environment Support

dotenvx supports multiple environments (staging, production, etc.) through separate .env files. You can use the

Docker Integration

When using dotenvx with Docker, remember to:
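The pre-commit check suggested under The Common Pitfall and Enhancing Security, written out as an added example (my own script, not part of dotenvx or of this newsletter): a POSIX shell hook that refuses to commit the dotenvx private key file, flags any value in a `.env*` file that is not in dotenvx’s encrypted form, and screens every file for an AWS access key ID. The `encrypted:` value prefix, the `.env.keys` filename and the `DOTENV_PUBLIC_KEY` variable are dotenvx conventions; the `AKIA` + 16 alphanumerics shape and the `AKIAIOSFODNN7EXAMPLE` value are from AWS’s own documentation; the function names, file layout and sample files are my assumptions.

```sh
#!/bin/sh
# Added example, not part of dotenvx or the newsletter: a pre-commit check for a
# repo whose secrets live in dotenvx-managed .env files.
# dotenvx conventions assumed here: ciphertext values carry an "encrypted:" prefix,
# the public key is stored as DOTENV_PUBLIC_KEY*, and private keys live in .env.keys.

# Return 0 if one KEY=VALUE line is safe to commit, 1 if it holds a plaintext value.
check_env_line() {
  line=$1
  case "$line" in
    ''|'#'*)                 return 0 ;;  # blank line or comment
    DOTENV_PUBLIC_KEY*=*)    return 0 ;;  # dotenvx public key: meant to be committed
    *=encrypted:*|*=\"encrypted:*|*=\'encrypted:*)
                             return 0 ;;  # dotenvx ciphertext (bare or quoted)
    *=)                      return 0 ;;  # empty value, e.g. a placeholder
    *=*)                     return 1 ;;  # anything else with a value is plaintext
    *)                       return 0 ;;  # not a KEY=VALUE line
  esac
}

# Report every plaintext value in one .env file (key name only, value redacted).
# Returns 1 if at least one was found.
scan_env_file() {
  file=$1
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do   # also handles a last line without \n
    if ! check_env_line "$line"; then
      echo "$file: plaintext value for ${line%%=*}" >&2
      bad=1
    fi
  done < "$file"
  return $bad
}

# AWS access key IDs are "AKIA" followed by 16 upper-case alphanumerics (AWS docs).
# This grep is a quick screen, not a substitute for a real secret scanner.
has_aws_key_id() {
  grep -Eq 'AKIA[0-9A-Z]{16}' "$1"
}

# .env.keys holds the dotenvx private keys and must never be committed.
is_private_key_file() {
  [ "$(basename "$1")" = ".env.keys" ]
}

# Check a list of paths; return 1 if any of them should block the commit.
check_files() {
  status=0
  for f in "$@"; do
    if is_private_key_file "$f"; then
      echo "$f: dotenvx private key file, refusing to commit" >&2
      status=1
      continue
    fi
    case "$(basename "$f")" in
      .env|.env.*) scan_env_file "$f" || status=1 ;;
    esac
    if has_aws_key_id "$f"; then
      echo "$f: contains what looks like an AWS access key ID" >&2
      status=1
    fi
  done
  return $status
}

# Usage: envcheck.sh --staged   (from .git/hooks/pre-commit; paths with spaces not handled)
#        envcheck.sh FILE...    (check explicit paths, e.g. in CI before a docker build)
case "${1:-}" in
  --staged) check_files $(git diff --cached --name-only --diff-filter=ACM) ;;
  '')       : ;;   # no arguments: define the functions only
  *)        check_files "$@" ;;
esac
```

Have `.git/hooks/pre-commit` run the script with `--staged`; a non-zero exit aborts the commit. The hook is a backstop, not a replacement for listing `.env.keys` in both `.gitignore` and `.dockerignore`, and running the same check over the build context before `docker build` catches the case the story above describes, where the secret never touched git but did reach a public image.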
The Balanced Approach

While .env files remain controversial in professional settings, tools like dotenvx offer a middle ground between security and practicality for side projects and open-source work. Remember, no solution is perfect. Always stay vigilant and use supporting systems to minimize risks. As always, feel free to reply directly with thoughts and comments.