"Stop using $thing", says company that happens to sell a replacement for $thing.<p>Environment variables/files are certainly not perfect, but this is a very one-sided take on them.
I used to use this package to avoid having to use ENV variables for everything (it pulls config info out of a JSON file instead, and parses both HTTP and FILE URLs to source the JSON file). But it's effectively abandon-ware (hey, at least it's not a commercial tool). Maybe I should write a similar package in Janet since that's what I'm doing for fun these days.<p><a href="https://www.npmjs.com/package/sn-props" rel="nofollow">https://www.npmjs.com/package/sn-props</a>
> Security. First of all, let's just consider the fact that with .env files you are storing completely unencrypted secrets locally on your machine...<p>In general, right after people say this, they propose encrypting the secrets somehow but then storing the decryption key completely unencrypted locally right next to them, or something that's equivalent to doing that. Is this an exception?