Almost every application out there supports environment variables for configuration, and every language supports reading data from the environment.
dotenvs are a clean and lightweight way of using this pattern that works regardless of tech stack. If the language doesn't have a library for loading dotenvs, you can usually write a simple library for it with a few lines of code.
In Golang-land, this is much easier than having to boilerplate your way through a Config interface with a Config struct for defining the YAML schema, though I suppose this is a non-issue with LLMs now.
Ensuring that plain-text dotenvs aren't in gitignore and that encrypted dotenvs are can be enforced with client-side Git hooks, which are painless to set up, in my opinion.
That said, I mostly use sops with PGP these days. YAML is more expressive than dotenv, though sops works well with dotenvs. I would recommend sops + Vault for enterprise scenarios.
> Almost every application out there supports environment variables for configuration
It didn't used to be that way, surprisingly. Most configuration was done via files using INI. Then people started using JSON, and now YAML -- if they have a configuration file at all. Containers pretty much required using environment for configuration because it was the only way to "inject" configuration before we got volumes and fancy stuff like secrets.
That doesn't make it any less of a hack instead of a proper configuration format.
Interesting! I thought the concept of environment variables was a Linux kernel primitive used by apps since forever. Admittedly, my first experience with computers was on Windows.
Tools like direnv gets .env files out of repo paths and improves things a lot. You can integrate secrets management in code, but with that there's still no getting away with the assumption that some kind of auth mechanism exists in your env
Wouldn't direnv just mean it will now send up your .envrc file? I think what would work even better is combining direnv with pass[0] so that if it does get uploaded, it will be encrypted. ie:
Almost every application out there supports environment variables for configuration, and every language supports reading data from the environment.
dotenvs are a clean and lightweight way of using this pattern that works regardless of tech stack. If the language doesn't have a library for loading dotenvs, you can usually write a simple library for it with a few lines of code.
In Golang-land, this is much easier than having to boilerplate your way through a Config interface with a Config struct for defining the YAML schema, though I suppose this is a non-issue with LLMs now.
Ensuring that plain-text dotenvs aren't in gitignore and that encrypted dotenvs are can be enforced with client-side Git hooks, which are painless to set up, in my opinion.
That said, I mostly use sops with PGP these days. YAML is more expressive than dotenv, though sops works well with dotenvs. I would recommend sops + Vault for enterprise scenarios.