It depends on the environment. If you're referring to local development, then I'd store it in a .env file.
You're right that the Infisical Token could be leaked like the environment variables. However, you're forgetting that Infisical helps you always fetch the right set of environment variables to your application whereas if you stored your environment variables directly in a .env file then they may be out-of-sync.
It turns out this becomes even more useful when you have more environments from local development to CI/CD and production. With Infisical, you get to manage your environment variables centrally and know that the right variables will go to the right environment including local development.
This centralization and solution to the problem known as "secret sprawl" is the basis for the entire industry of secret management :)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Then I don't see a need for infisical in the first place!
It depends on the environment. If you're referring to local development, then I'd store it in a .env file.
You're right that the Infisical Token could be leaked like the environment variables. However, you're forgetting that Infisical helps you always fetch the right set of environment variables to your application whereas if you stored your environment variables directly in a .env file then they may be out-of-sync.
It turns out this becomes even more useful when you have more environments from local development to CI/CD and production. With Infisical, you get to manage your environment variables centrally and know that the right variables will go to the right environment including local development.
This centralization and solution to the problem known as "secret sprawl" is the basis for the entire industry of secret management :)