willwade 2 days ago

Can I have this between my machine and git please.. Like it's twice now I've committed .env* and totally passed me by (usually because it's to a private repo..) then later on we/someone clears down the files.. and forgets to rewrite git history before pushing live.. it should never have got there in the first place.. (I wish GitHub did a scan before making a repo public..)

ComputerGuru 2 days ago | parent | next [-]

Already mentioned it in another reply, but .env and passing secrets as environment variables are a tragedy. Take a look at how SecureStore stores secrets encrypted at rest, and you’re even advised to commit them to git!

https://github.com/neosmart/securestore-rs

acheong08 2 days ago | parent | prev | next [-]

GitHub does warn you when you have API keys in your repo. Alternatively, there are CLI tools such as TruffleHog you can put in pre-commit hooks to run before commits automatically.

cwinq a day ago | parent [-]

You can try GitGuardian, it is very powerful and free for individual developers and small teams. It has precommit hooks, detection in IDE and all.

mh- 2 days ago | parent | prev | next [-]

You can use git hooks. Pre-commit specifically.

https://git-scm.com/docs/githooks

hombre_fatal 2 days ago | parent | prev | next [-]

At least you can put .env in the global gitignore. I haven’t committed DS_Store in 15 years because of it - its secrets will die with me.

willwade 2 days ago | parent [-]

sorry.. global gitignore.. what have i been doing..

PunchyHamster 2 days ago | parent | prev [-]

Aside from the already mentioned hooks, you can add a global .gitignore for .env files.
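
The pre-commit approach suggested in this thread, as an added example that is not part of any comment above: a POSIX shell hook that rejects staged `.env` / `.env.*` files, which also covers `git add -f` and already-tracked files that a global gitignore does not stop. The function names and the allow-list of template file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-commit hook that refuses to commit dotenv files.
# Install as .git/hooks/pre-commit (chmod +x), or place it in the directory
# set with `git config --global core.hooksPath <dir>` to cover every repo.

# Return 0 if the path's basename is .env or .env.<something>.
# The allow-list of secret-free template names is an assumption.
is_env_file() {
    name=${1##*/}
    case "$name" in
        .env.example|.env.sample|.env.template) return 1 ;;
        .env|.env.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read newline-separated paths on stdin and print the ones to block.
# Returns 1 if at least one path was blocked, 0 otherwise.
blocked_env_files() {
    found=0
    while IFS= read -r f; do
        if is_env_file "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Run the check only when git invokes this file as the pre-commit hook.
if [ "${0##*/}" = "pre-commit" ]; then
    # Staged adds, copies, modifications and renames; -z disables path quoting.
    if ! hits=$(git diff --cached --name-only -z --diff-filter=ACMR |
                tr '\0' '\n' | blocked_env_files); then
        echo "pre-commit: refusing to commit dotenv files:" >&2
        printf '%s\n' "$hits" | sed 's/^/  /' >&2
        echo "Unstage them with: git restore --staged <path>" >&2
        exit 1
    fi
fi
```

A hook can still be skipped with `git commit --no-verify`, so it complements rather than replaces the server-side scanning mentioned in the thread.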