Or even better than adding yet another layer of complexity, do the opposite: Commit all of your .env files to your repos. This way, everyone on the team has access to them, so there's no need for a credentials manager, no need to connect to a remote machine to update its configuration, and a 100% guarantee that everyone has the same local environment configurations available.
The simple fact is that if your system enables an unprivileged user to access machines in your private network and connect to any containers they're running, you've already failed.
Having a database username, host and password should not be sufficient information for an unauthorised actor to compromise your systems.
If they are, you're doing it wrong and you've already been compromised.