
your credentials shouldn't be in your codebase to begin with!




.env files are a thing in tons of codebases

but that's at runtime, secrets are going to be deployed in a secure manner after the code is released

.env files are used to develop as well, for some things like PayPal you don't have to change the credentials, you just enable sandbox mode. If I had some LLM attached to my codebase, it would be able to read those credentials from the .env file.

This has nothing to do with deployment. I never talked about deployment.


If you have your PayPal creds in your repository, you are doing it wrong.

.gitignore is a thing

Which every AI tool I’m aware of respects and ignores by default.

Why is it that they can add new env variables then?

It is trivial to append to files without reading them. Also, no AI provider even wants your secrets, they are a liability. Do whatever you want though, I'm not here to convince you of anything.

If your secrets are in your repo, you've probably already leaked them.
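A defender-side check for the point made in this thread, added here as an example and not taken from any commenter: it verifies that `.env` is matched by `.gitignore` and that none of the `.env` values have been pasted into files that would be committed. The simplified gitignore matcher, the temporary repo fixture and the sandbox secret value are all constructed for the example.

```python
import os
import tempfile
from fnmatch import fnmatch

def is_ignored(rel_path, patterns):
    """Minimal .gitignore matcher (assumption: plain name/glob patterns, no negation)."""
    name = os.path.basename(rel_path)
    return any(fnmatch(rel_path, p) or fnmatch(name, p)
               for p in patterns if p and not p.startswith("#"))

def load_env_values(env_path):
    """Parse KEY=VALUE lines from a .env file, stripping quotes and comments."""
    values = {}
    with open(env_path) as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip().strip("'\"")
    return values

def check_env_hygiene(repo_dir):
    """Report whether .env is gitignored and which non-ignored files echo its values."""
    gitignore = os.path.join(repo_dir, ".gitignore")
    patterns = open(gitignore).read().splitlines() if os.path.exists(gitignore) else []
    env_values = load_env_values(os.path.join(repo_dir, ".env"))
    leaks = []
    for root, _dirs, files in os.walk(repo_dir):
        for fname in files:
            rel = os.path.relpath(os.path.join(root, fname), repo_dir)
            if rel in (".env", ".gitignore") or is_ignored(rel, patterns):
                continue  # ignored files would not be committed, so skip them
            text = open(os.path.join(root, fname), errors="ignore").read()
            for key, value in env_values.items():
                if len(value) >= 8 and value in text:  # short values give false hits
                    leaks.append((rel, key))
    return {"env_ignored": is_ignored(".env", patterns), "leaks": sorted(leaks)}

def build_sample_repo():
    """Constructed fixture: a PayPal sandbox secret that was also pasted into config.js."""
    repo = tempfile.mkdtemp()
    with open(os.path.join(repo, ".env"), "w") as fh:
        fh.write("PAYPAL_CLIENT_SECRET=EXAMPLE-sandbox-secret-0123456789\nPAYPAL_MODE=sandbox\n")
    with open(os.path.join(repo, ".gitignore"), "w") as fh:
        fh.write("node_modules/\n.env\n")
    with open(os.path.join(repo, "config.js"), "w") as fh:
        fh.write('const secret = "EXAMPLE-sandbox-secret-0123456789";\n')
    return repo
```

Running `check_env_hygiene(build_sample_repo())` shows the situation the thread describes: `.env` itself is ignored, yet the same secret still reaches the repository through `config.js`.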


