As an open-source builder and a streamer, I'm afraid I will leak keys on stream any time soon. And fun story—I did leak the API keys to my smart lights once, and the company (Govee) had a 30-day grace period for any revoked keys!
It still looks too tedious to manage all this—curious to see if there's an easier way. Currently I use 1Password in my teams to share .env config, but we basically c/p to local git folders, so there's still a lot to lose.
I'm especially worried about the growing number of supply chain attacks. Curious to see how you tackle these.
It still looks too tedious to manage all this—curious to see if there's an easier way. Currently I use 1Password in my teams to share .env config, but we basically c/p to local git folders, so there's still a lot to lose.
I'm especially worried about the growing number of supply chain attacks. Curious to see how you tackle these.