It seems only encrypt and throw away the key would be the acceptable strategy

They need to give your app the environment variables later so they cannot throw away the key.

For non-sensitive environment variables, they also show you the value in the dashboard so you can check and edit them later.

Things like 'NODE_ENV=production' vs 'NODE_ENV=development' is probably something the user wants to see, so that's another argument for letting the backend decrypt and display those values even ignoring the "running your app" part.

You're welcome to add an input that goes straight to '/dev/null' if you want, but it's not exactly a useful feature.

	▲	QuantumNomad_ 2 days ago \| parent [-]
		> You're welcome to add an input that goes straight to '/dev/null' if you want, but it's not exactly a useful feature. Piping to /dev/null is of course pointless. What you really want is the /dev/null as a Service Enterprise plan for $500/month with its High Availability devnull Cluster ;) https://devnull-as-a-service.com/pricing/

▲

SahAssar a day ago | parent | prev [-]

Then you might aswell write them to /dev/null. Safer, has the same effect and faster.