| ▲ | Why can't you commit a .env file? | |||||||
| 1 points by devmtk 4 hours ago | 2 comments | ||||||||
"You can't commit a .env file to Git" is a sentence we've all heard. Most people accepted it and went on with their lives, using other tools to share environment variables. But the question we should ask is: why can't I commit a .env file to Git? The honest answer isn't that it's bad practice. It's that Git has no permission system below the repository level. It's all or nothing. You see everything, or you see nothing. The entire secret-manager industry exists to paper over this one missing primitive. For too long we accepted it as a minor annoyance. That's changed. It isn't a minor annoyance anymore. It's a real problem. We now have agents monitoring every patch that merges, hunting for security fixes to turn into exploits. The patch itself is the disclosure: it hands people (and increasingly agents) everything they need to reverse-engineer the fix and hit systems that haven't updated yet. We're in the middle of a security crisis, arguing about where to store files to hide them from attackers. For the last couple of weeks I've been thinking about this: prototyping, trying to find a compelling solution. I want to be honest, I have no idea if I found it. But I think the direction is at least interesting. Permissions, or as I prefer to call them, capabilities, should live at the content level, not the repo level. Commit the .env; just scope who's allowed to decrypt it. This is just one of the problems I have with Git(Hub), and honestly, I have no idea if anything I built is a good solution. I'd love your feedback, or your rant. If you want to see how I tried to fix it, the repo is here (hosted, sarcastically, on GitHub): https://github.com/thaddeus-run/thaddeus | ||||||||
| ▲ | ragnarel 4 hours ago | parent [-] | |||||||
Alternatively, you can encrypt the `.env` file before committing it. Then, only a single key will need to be configured in the destination environment. | ||||||||
| ||||||||