• theneverfox@pawb.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 hours ago

      Better than hard coded… Ideally we use tokens+fingerprint or something to avoid storing the creds directly (if possible), but putting them in environment variables is pretty common

      It’s not the worst thing, it’s very convenient (so people won’t go around it) and usually not the weak point in security (although AI being able to easily see it is an interesting twist)