but thats at runtime, secrets are going to be deployed in a secure manner after the code is released

.env files are used to develop as well, for some things like PayPal u dont have to change the credentials, you just enable sandbox mode. If I had some LLM attached to my codebase, it would be able to read those credentials from the .env file.

This has nothing to do with deployment. I never talked about deployment.

▲

Carrok 13 hours ago | parent [-]

If you have your PayPal creds in your repository, you are doing it wrong.

▲

zwnow 4 hours ago | parent [-]

.gitignore is a thing

▲

Carrok 3 hours ago | parent [-]

Which every AI tool I’m aware of respects and ignores by default.

	▲	zwnow 2 hours ago \| parent [-]
		Why is it that they can add new env variables then?