Show HN: Env files aren't meant for storing secrets
binsquare, Thursday, November 27, 2025

I think .env files are fine for non-sensitive config but they're a terrible place to store real secrets once you have a couple of engineers, machines, or a single engineer with multiple concurrent projects.
But I've worked for big and small tech and have seen this happen:

1. .env files are plaintext credential dumps
2. teams share .env files via Slack and they eventually drift
3. accidental .env commit
I built envmap, a small CLI tool that manages and injects your environment key values locally + with support for AWS + Vault + 1pass backends as source of truth. I use this and deleted my .env, .env.example, .env.production (I'm the worst).
Would appreciate any feedback + contributions!
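
The first two failure modes listed in the post (plaintext credentials, and copies that drift once they have been shared) can be checked for mechanically. The sketch below is an added example, not part of the original post and not envmap's code; the key-name pattern, function names and the two sample files are constructed assumptions. It reports key names only and never prints a value.

```python
import re

# Key-name hints that a value is a credential (constructed heuristic, not exhaustive).
SECRET_HINT = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY|CREDENTIAL)", re.I)

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip `export ` and quotes."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        pairs[key] = value
    return pairs

def audit(mine, theirs):
    """Compare two copies of a .env file; return key names only, never values."""
    a, b = parse_env(mine), parse_env(theirs)
    return {
        # Non-empty values stored in plaintext under credential-looking names.
        "secret_keys": sorted(k for k, v in a.items() if v and SECRET_HINT.search(k)),
        # Drift: keys present in one copy only, or present in both with different values.
        "only_mine": sorted(a.keys() - b.keys()),
        "only_theirs": sorted(b.keys() - a.keys()),
        "value_drift": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }

# Constructed sample: my copy, and a teammate's copy shared some time ago.
MINE = """# constructed sample
export DATABASE_URL="postgres://localhost/app"
API_KEY=constructed-key-0001
LOG_LEVEL=debug
STRIPE_SECRET='constructed-secret-A'
"""
THEIRS = """DATABASE_URL=postgres://localhost/app
API_KEY=constructed-key-0002
LOG_LEVEL=debug
SENTRY_DSN=
"""

if __name__ == "__main__":
    for finding, keys in audit(MINE, THEIRS).items():
        print(f"{finding}: {', '.join(keys) or '-'}")
```
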
Summary
The envmap tool provides a simple and efficient way to manage environment variables, allowing users to quickly set, unset, and list environment variables from the command line. It supports various operating systems and can be used in both interactive and scripted environments.
github.com