We’ve all been there – that heart-stopping moment when you realize you’ve accidentally exposed sensitive information. Today, I’m sharing a personal story and introducing a tool that could save you from a similar nightmare. The Nightmare ScenarioLondon, February 2019, I was about to release an infrastructure project I’ve been working on for two weeks. I used the client’s AWS master key for testing. Yes, I know – I’m cringing too 😬. I pushed the container to a public repo for “easier access.” 🤡 Within seconds, an email arrived, cc’ing the entire company leadership about a critical security breach in production. Cold sweat. Near-firing experience. Lessons learned the hard way. The Common PitfallMany developers, especially those working on side projects or open-source repos, face a common dilemma: How do you store secrets locally in a way that’s both secure and convenient? Is it enough to put them in clear text and add them to . The answer is a resounding no. But the solution isn’t always clear. Enter: dotenvxHere’s where dotenvx comes in – a tool that could have saved me a world of pain. dotenvx is a “better .env” with three key features:
Getting Started with dotenvxInstallation is simple: `curl -sfS https://dotenvx.sh | sh # or brew install dotenvx` (I used Nix) Key Features:
Enhancing SecurityWhile dotenvx is a great start, it’s not a silver bullet. I recommend coupling it with security scanning tools like Snyk. These tools can help identify exposed secrets and other vulnerabilities in your project. Multi-Environment Supportdotenvx supports multiple environments (staging, production, etc.) through separate .env files. You can use the Docker IntegrationWhen using dotenvx with Docker, remember to:
The Balanced ApproachWhile .env files remain controversial in professional settings, tools like dotenvx offer a middle ground between security and practicality for side projects and open-source work. Remember, no solution is perfect. Always stay vigilant and use supporting systems to minimize risks. As always, feel free to reply directly with thoughts and comments. |
Every once in a while I send hand picked things I've learned. Kind of like your filter to the tech internet. No spam, I promise!
FFmpeg Converts ANYTHING - The Trick Book I Wish I Had This issue is brought to you by: Learn backend development the smart way with boot.dev Use the code DEVOPSTOOLBOX to get 25% off your first payment for boot.dev. Get Started Today The title of this newsletter isn't an exaggeration. There's a single, free tool that can genuinely convert, create, and manipulate almost any media file you throw at it. It’s the hidden engine powering everything from YouTube, through OBS, online media...
Is Gemini CLI Worth The Hype? This issue is brought to you by: Securing AI agents is now possible with Auth0 . AI agents are reshaping digital experiences. But securing them requires rethinking identity and access controls built for a human-first world. Get Started Today With a new AI coding assistant announced every other week, it’s easy to feel overwhelmed by the “paradox of choice.” Google entered the game late with its Gemini CLI, but they made a smart move: they made it free and...
I Used Heroku Open Source Alternatives So You Don't Have To This issue is brought to you by: Enjoy fast, secure and reliable web hosting with Hostinger. Use "devopstoolbox" at checkout of extra discounts on op! Start hosting with Hostinger today! I recently went down the rabbit hole of self-hosted application platforms. Just 5 weeks ago I made a video covering Coolify end 2 end.Once that got released (or maybe, because of that?) I started seeing many similar, open source, self-hostable...