I'm currently using .env files for environment variables, but I've heard they might pose some security risks. What alternatives can I consider? I tried setting up Infisical and it works well for development, but I'm curious if it would be suitable for a production environment as well. Any suggestions or insights on how to manage secrets in production versus development?
5 Answers
I’ve seen a lot of people recommend using services such as AWS Secrets Manager, Azure Key Vault, or Google Secrets Manager for more secure handling of secrets instead of relying solely on .env files. They allow you to safely inject your secrets at runtime, and it's a solid way to manage credentials.
In a previous role, we used a dedicated service for managing secrets that our main server would authenticate with. It added complexity, but it’s an extra layer of security since it separates the secrets from the application itself. It could be a viable option if you're concerned about the risks of .env files.
.env files can be okay for local development, but for production, it's often better to manage your environment variables through something like Kubernetes or other orchestration tools. Using a key vault to pull secrets at startup is a common practice. Just make sure you're not exposing your sensitive information too easily.
Infisical can definitely work for your production setup too. If you're using a platform like Vercel, there are integrations you can leverage to manage secrets seamlessly. Just ensure you're implementing best practices around storing and retrieving your environment variables.
Check out dotenvx if you're still inclined to use .env files but want more security. It encrypts your .env files, which adds a layer of protection. Keep in mind that if the server has already been compromised, it might not do much to help, but it's better than plaintext.
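The split the answers above describe (a .env file only on a developer machine, secrets injected into the process environment at runtime in production) can be enforced at startup so an app fails closed rather than quietly running on a leftover file. This is an added example, not code from any poster nor from Infisical or dotenvx; the APP_ENV values, the function names and the sample .env content are assumptions.

```python
# Added example: fail-closed secret loading that enforces the dev/prod split.
# Assumed convention: app_env is "development" or "production".

class SecretsError(RuntimeError):
    """Raised when startup must abort instead of running with bad secrets."""


def parse_dotenv(text: str) -> dict:
    """Parse KEY=VALUE lines: comments, blank lines, optional 'export ',
    quoted values, and a trailing ' # comment' on unquoted values."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        if "=" not in line:
            raise SecretsError(f"malformed .env line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]          # quoted: keep spaces and '#' as-is
        elif " #" in value:
            value = value.split(" #", 1)[0].rstrip()
        result[key] = value
    return result


def resolve_secrets(required, environ, app_env, dotenv_text=None) -> dict:
    """Return the required secrets or raise SecretsError.
    production: only the runtime environment (injected by the orchestrator
    or a secrets manager) counts, and a .env file is rejected outright.
    development: .env fills gaps, but real environment variables win."""
    if app_env == "production":
        if dotenv_text is not None:
            raise SecretsError("refusing to start: .env file present in production")
        source = dict(environ)
    elif app_env == "development":
        source = parse_dotenv(dotenv_text) if dotenv_text else {}
        source.update(environ)
    else:
        raise SecretsError(f"unknown app_env {app_env!r}")
    # Empty strings count as missing: an unset secret must not pass silently.
    missing = sorted(k for k in required if not source.get(k))
    if missing:
        raise SecretsError("missing required secrets: " + ", ".join(missing))
    return {k: source[k] for k in required}


if __name__ == "__main__":
    # Constructed sample .env for the demo; a real one never goes into git.
    sample = 'export DB_PASSWORD="s3cr3t pw"\nAPI_KEY=abc123 # rotate me\n'
    print(resolve_secrets(["DB_PASSWORD", "API_KEY"], {}, "development", sample))
```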