[diogomonica.com] Why you shouldn’t use ENV variables for secret data

April 6, 2017

The twelve-factor app manifesto recommends that you pass application configs as ENV variables. However, if your application requires a password, SSH private key, TLS Certificate, or any other kind of sensitive data, you shouldn’t pass it alongside your configs.

When you store your secret keys in an environment variable, you are prone to accidentally exposing them—exactly what we want to avoid.

Read the full article at: diogomonica.com