Comment by viraptor
2 months ago
> How many developers have plain-text tokens lying around on disk?
Most of them. Mainly on purpose (.env files), but many also accidentally (shell history with tokens in the commands).
2 months ago
> How many developers have plain-text tokens lying around on disk?
Most of them. Mainly on purpose (.env files), but many also accidentally (shell history with tokens in the commands).
Exactly. There are tools that allow debugging production environments without having to have the credentials on your disk.
I recommend Envie: https://github.com/ilmari-h/envie
It's more convenient than having a bunch of .env.prod, .env.staging files lying around, not to mention more secure.