dotenv-vault icon indicating copy to clipboard operation
dotenv-vault copied to clipboard
verified publisher icon dotenv-org

Add/Update .env.example on push

Open SuperKXT opened this issue 3 years ago • 3 comments

As it stands you can pull an existing .env.example file from the vault but you can't push .env.example files to the vault. Would love it if I could add or change the example file with a push.

SuperKXT avatar Sep 17 '22 16:09 SuperKXT

Hi @SuperKXT,

Thank you for the thought.

We're initially hesitant to do that because it then makes it easier to accidentally change a value to a production value the public might see. That is currently why we require you to enter these by hand from the UI.

I'll leave this sitting here and get others' thoughts. I don't have a strong opinion here but I do want to make sure the DX keeps security risks in mind at all times.

motdotla avatar Sep 17 '22 17:09 motdotla

I would recommend definitely if you were to enable push that you have a confirmation making sure users are not pushing sensitive settings within the example, but I get the decision here.

goatandsheep avatar Jul 01 '23 23:07 goatandsheep

reopening this to consider allowing for this. principle of least surprise.

motdotla avatar Jul 01 '23 23:07 motdotla