• theneverfox@pawb.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    60 minutes ago

    Better than hard coded… Ideally we use tokens+fingerprint or something to avoid storing the creds directly (if possible), but putting them in environment variables is pretty common

    It’s not the worst thing, it’s very convenient (so people won’t go around it) and usually not the weak point in security (although AI being able to easily see it is an interesting twist)