Why you shouldn’t use ENV variables for secret data

By Diogo Mónica.

View original

Excerpt: The twelve-factor app [https://12factor.net/config] manifesto recommends that you pass application configs as ENV variables. However, if your application requires a password, SSH private key, TLS Certificate, or any other kind of sensitive data, you shouldn’t pass it alongside your configs. When y…