Ask HN: Do you read Secrets from Environment Variables
The Command Line Interface Guidelines [1] says:
> Do not read secrets from environment variables
> Secrets should only be accepted via credential files, pipes, `AF_UNIX` sockets, secret management services, or another IPC mechanism
Which one of these do you use? On github it seems common for projects to use environment variables for secrets.
Do you use secret management services for work only, or do you use them in your personal projects too?
[1] https://clig.dev/#environment-variables
7 comments
[ 2.0 ms ] story [ 25.6 ms ] thread[1] https://www.doppler.com/blog/lessons-from-mercedes-benz-sour...)
When the Mercedes-Benz Source Code Exposure happened I remembered I wasn't doing secrets management in the proper way, but good to know there's less risk since I'm a solo developer. But Doppler looks worth a shot.