Why I Deleted Every .env File on My Machine
The author faced issues with multiple .env files containing duplicate and expired credentials, leading them to migrate all secrets to the macOS Keychain using NoxKey and delete the .env files.
Why it matters
This article highlights the importance of properly managing sensitive credentials and the risks of relying on .env files, which can lead to security vulnerabilities if not properly maintained.
Key Points
- The author had 47 .env files on their machine, containing duplicate and expired credentials
- Some .env files had dangerous information like production database connection strings
- The author migrated all secrets to the macOS Keychain using NoxKey and deleted the .env files
- The transition was not seamless at first, but the author found ways to make it more efficient
Details
The author was rotating a Cloudflare API token and updated the .env file in one project, but it broke the staging environment for a different project. This led the author to search their machine and find 47 .env files containing various credentials, including duplicate Cloudflare API tokens, expired Stripe test keys, and even production database connection strings for a healthcare API project. The author decided to move everything to the macOS Keychain using NoxKey and delete all the .env files. The process took one afternoon and involved importing secrets, verifying their correctness, and deleting the .env files. For shared secrets, the author stored them under a shared prefix for easier management. The author also marked the sensitive healthcare API credentials as requiring Touch ID every time. The first few days were challenging as the author's muscle memory was used to the .env files, but features like session unlock helped make the transition smoother.
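The search described above can be reproduced as a read-only inventory before any migration. The script below is an added example, not code from the original article or from NoxKey: it walks a directory, parses each .env file, and reports which values are shared across files, using a truncated hash so the report itself never contains a secret. All function names, the skipped directories and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

def parse_env(path):
    """Yield (key, value) pairs from a dotenv-style file; skip comments and blanks."""
    for raw in Path(path).read_text(errors="replace").splitlines():
        line = raw.strip().removeprefix("export ").strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip().strip("'\"")
        if value:
            yield key.strip(), value

def find_env_files(root):
    """Return every file named .env or .env.<suffix> under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in {".git", "node_modules"}]
        hits += [Path(dirpath, f) for f in filenames if f == ".env" or f.startswith(".env.")]
    return sorted(hits)

def duplicate_secrets(root):
    """Map a truncated SHA-256 of each value to the (file, key) pairs sharing it in 2+ files."""
    root, seen = Path(root), defaultdict(set)
    for path in find_env_files(root):
        for key, value in parse_env(path):
            fp = hashlib.sha256(value.encode()).hexdigest()[:12]
            seen[fp].add((path.relative_to(root).as_posix(), key))
    return {fp: sorted(locs) for fp, locs in seen.items() if len({f for f, _ in locs}) > 1}

def build_sample_tree(root):
    """Write three constructed .env files (fake values) used by the demo."""
    files = {
        "site/.env": "CLOUDFLARE_API_TOKEN=constructed-cf-token-0001\nDEBUG=\n",
        "staging/.env": "# copied from site\nexport CF_TOKEN='constructed-cf-token-0001'\n",
        "api/.env.production": "DATABASE_URL=postgres://constructed.invalid/db\n",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(duplicate_secrets(tmp))
```

Each reported group is a credential that has to be rotated in every listed location at once, which is the failure the token rotation above ran into. The same credential can sit under different variable names, so the grouping is by value rather than by key.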