re: .env file in public folder is a security risk VIEW POST


I think just securing your file isn't enough, what I would do is store env in aws or other key management platforma and then allow that server only to access those keys.
I explained this a bit in here .

code of conduct - report abuse