We’ve all been there – that heart-stopping moment when you realize you’ve accidentally exposed sensitive information. Today, I’m sharing a personal story and introducing a tool that could save you from a similar nightmare.

The Nightmare Scenario

London, February 2019. I was about to release an infrastructure project I’d been working on for two weeks. I used the client’s AWS master key for testing. Yes, I know – I’m cringing too 😬. I pushed the container to a public repo for “easier access.” 🤡 Within seconds, an email arrived, cc’ing the entire company leadership about a critical security breach in production. Cold sweat. Near-firing experience. Lessons learned the hard way.

The Common Pitfall

Many developers, especially those working on side projects or open-source repos, face a common dilemma: how do you store secrets locally in a way that’s both secure and convenient? Is it enough to put them in clear text and add them to . The answer is a resounding no. But the solution isn’t always clear.

Enter: dotenvx

Here’s where dotenvx comes in – a tool that could have saved me a world of pain. dotenvx is a “better .env” with three key features:
Getting Started with dotenvx

Installation is simple: `curl -sfS https://dotenvx.sh | sh # or brew install dotenvx` (I used Nix).

Key Features:
Enhancing Security

While dotenvx is a great start, it’s not a silver bullet. I recommend coupling it with security scanning tools like Snyk. These tools can help identify exposed secrets and other vulnerabilities in your project.

Multi-Environment Support

dotenvx supports multiple environments (staging, production, etc.) through separate .env files. You can use the

Docker Integration

When using dotenvx with Docker, remember to:
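As an added example (not from this post and not part of the dotenvx project), here is a small shell check you can run before a commit or an image build: it fails if any .env file still carries a plaintext value or if the private-key file is not ignored by git. It assumes dotenvx’s on-disk conventions (encrypted values written as `KEY="encrypted:..."`, a `DOTENV_PUBLIC_KEY` line in the .env file, private keys in `.env.keys`) and that `.env.keys` is listed verbatim in `.gitignore`.

```shell
# Added example, not dotenvx's own tooling. Assumes the dotenvx file layout:
#   .env / .env.<name>   values look like KEY="encrypted:<base64>"
#   DOTENV_PUBLIC_KEY*   the only plaintext assignment allowed in a .env file
#   .env.keys            private keys; must never be committed

# Return 0 if every assignment in the given .env file is encrypted.
# Blank lines, comments and DOTENV_PUBLIC_KEY* lines are allowed as-is.
env_file_is_encrypted() {
  local file="$1" line key value
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*|DOTENV_PUBLIC_KEY*) continue ;;
    esac
    key="${line%%=*}"
    value="${line#*=}"
    value="${value#\"}"; value="${value#\'}"   # drop an optional opening quote
    case "$value" in
      encrypted:*) ;;
      *) echo "plaintext value for $key in $file" >&2; return 1 ;;
    esac
  done < "$file"
  return 0
}

# Return 0 if .env.keys appears as its own line in the repo's .gitignore.
keys_file_is_ignored() {
  local dir="$1"
  [ -f "$dir/.gitignore" ] && grep -qx '\.env\.keys' "$dir/.gitignore"
}

# Run both checks over .env and every .env.<name> file in a repo directory
# (the key file itself is skipped). Returns 1 on the first problem found.
check_repo() {
  local dir="$1" f status=0
  keys_file_is_ignored "$dir" || { echo ".env.keys is not in .gitignore" >&2; status=1; }
  for f in "$dir"/.env "$dir"/.env.*; do
    [ -f "$f" ] || continue
    [ "${f##*/}" = ".env.keys" ] && continue
    env_file_is_encrypted "$f" || status=1
  done
  return $status
}
```

Wire `check_repo .` into a pre-commit hook or the first step of your Docker build so an unencrypted `.env.production` or a stray `.env.keys` never makes it into a layer or a push.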
The Balanced Approach

While .env files remain controversial in professional settings, tools like dotenvx offer a middle ground between security and practicality for side projects and open-source work. Remember, no solution is perfect. Always stay vigilant and use supporting systems to minimize risks. As always, feel free to reply directly with thoughts and comments.