Skip to content

Instantly share code, notes, and snippets.

@samsch
Created July 14, 2020 17:25
Show Gist options
  • Save samsch/580ee2b989eba6f625093ede7a7742cf to your computer and use it in GitHub Desktop.
Save samsch/580ee2b989eba6f625093ede7a7742cf to your computer and use it in GitHub Desktop.
Don't put sensitive data in environment variables (including .env files)

Some links

A simple alternative is to put your sensitive (or all) config in a .json file that is gitignored. This also has the advantage of being easily generated using tools which can retrieve the sensitive data from a secure store (e.g., via ssh using user ssh key). With Node.js, .json files can be directly require()d, which is an additional convenience.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment