What if you could secure your secrets easily in both development and production as well as share them across your team? This is particularly prevalent when working in teams. If you modify your secrets on your development machine or server, then you also need to change this in production. There’s also the challenge of keeping them updated. The issue with alternatives such as Docker secrets is that they rely on you using a particular tool or piece of software for all your projects. A hacker with access to the server or development filesystem would be able to read this information and often environment variables are leaked when logging. env file is just a text file albeit hidden. But how to best secure them?Īfter all, a. Sensitive information such as API Keys, user credentials, and database URLs to name a few.

As a developer, you’ll inevitably work with secrets.