That looks like an overly complicated solution to a problem that doesn’t exist. Synching stuff that is in git? Why not just use… git?
Also npm… and the example has an env var named “DB_PASS” in it. You never put passwords in version control.
It is generally considered a bad idea to use envs for passing secrets in general since envs for process n are available to other processes which have access and permission.
Exactly, you never check passwords into version control.
The github example is not to put a .env file into a repo but to add the secrets to github’s native secret manager, which is what actions use to read envs
Oh wow.
That looks like an overly complicated solution to a problem that doesn’t exist. Synching stuff that is in git? Why not just use… git? Also npm… and the example has an env var named “DB_PASS” in it. You never put passwords in version control.
It is generally considered a bad idea to use envs for passing secrets in general since envs for process n are available to other processes which have access and permission.
Exactly, you never check passwords into version control. The github example is not to put a .env file into a repo but to add the secrets to github’s native secret manager, which is what actions use to read envs