by fragmede 170 days ago
your credentials shouldn't be in your codebase to begin with!

.env files are a thing in tons of codebases
but that's at runtime, secrets are going to be deployed in a secure manner after the code is released
.env files are used to develop as well, for some things like PayPal you don't have to change the credentials, you just enable sandbox mode. If I had some LLM attached to my codebase, it would be able to read those credentials from the .env file.

This has nothing to do with deployment. I never talked about deployment.

If you have your PayPal creds in your repository, you are doing it wrong.
.gitignore is a thing
Which every AI tool I’m aware of respects and ignores by default.
If your secrets are in your repo, you've probably already leaked them.