Search code, repositories, users, issues, pull requests...
This is a hobby project. It's developed by only one person and should be considered as is. It may keep going for years or stop at any time. The source code will probably be published when the structure and documentation is state of the art.
According to the 3rd rule of the twelve-factor app, all the application config that depends on the environment (dev, staging, prod...) must not be stored as constants in the code. Instead, it must be stored in environment variables.
During local development, developers usually rely on .env files, whether they're using Node.js, Ruby on Rails, Go, Python, Rust or anything else.
Having this clear text file lying around on the disk can have huge security impacts, especially when it contains sensitive secrets, which are often the perfect candidates for environment-specific config.
Indeed, some attackers target developers in order to scan their disk to exfiltrate the contents of these files. When they contain AWS credentials with root access or crypto wallets keys, it can become a big problem.
.png)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25050349/HT053_MASTODON_CVirginia.jpg)
