I don't add the environment variable values to the readme. Only the names, a description, and a sample value (not the real value).
I understand the downsides, and I'm revisiting my use of environment variables because there are downsides as you've pointed out. Using an encrypted vault for secrets like I'm currently doing still means new devs need help setting things up.
ok got it. Could pls explain bit more about "vault of secrets", how does it work? where do you store it?
I use 1Password, which is a commercially available password keeper, to store information, not just about my personal accounts but also to keep information about the projects I participate in.
There are quite a few different products that do this. The important thing is to pick one that's encrypted, easy to use, and works well on your OS.
Some teams I've worked on use a vault like this with shared credentials.
Nice! Thanks for the info
Anytime! This has been a great discussion and its making me rethink what I'd previously taken for granted. Thank you!
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.