Comment by _pdp_
24 days ago
I am not saying this is the reason for this compromise, but the sudden explosion of coding assistants like Claude Code, and tools like OpenClaw, is teaching an entire crop of developers (and users) that it is ok to have sensitive credentials in .env files.
Where would you suggest putting the sensitive credentials?
Not in .env files next to your code that is exposed to supply chain risks.
Infisical is a great solution.