Doing much better than your .env file
<p>Six months ago, I advocated for everyone to stop using .env files in favor of approaches using secret management platforms. Since then, I’ve learned and experienced much more about how to manage environment variables effectively. In this article, I argue again for why we should reduce the practice of storing all environment variables in a <code>.env</code> file and move to a more sophisticated approach for managing them in local development.</p>
<p>Before you roast me, I want to make clear that <strong>my position is not that you have to ditch the .env file entirely</strong>. I’m asserting that <strong>your application’s environment variables should not be stored directly in a .env file</strong>. This doesn’t mean, however, that you can’t store a token in it that pulls in the rest of your environment variables at runtime.</p>
<p>I also, by the way, want to make clear that this article is intended for <strong>software development teams</strong> and not security and devops teams that already have this figured out; this article is also not intended for solo developers who can feel free to use <code>.env</code> files.</p>
<p><a href="https://medium.com/@tony.infisical/the-death-of-the-env-file-6d65bfc6ac5e">Read More</a></p>