[nopointttt]

A sensitive flag at the UI layer doesn't actually change runtime. Once it's in process.env during a build, any dep that decides to grep it can. The real problem isn't a missing checkbox, it's that we still stuff every secret into one env bag and hand the build tools the whole bag. Cloudflare scoped bindings and Fly already split it up, other platforms are just slower.

[miki123211]

Yes.

Ideally, your application code shouldn't ever need to see your secrets, those should only be accessible to tiny components that only expose the operations that the app actually needs to do.

Instead of your app having an OPENAI_API_KEY, there should be some kind of external HTTP proxy that adds this key whenever the right endpoint is called.

A man can dream though.

[fireant]

This could probably be a generic MITM HTTP proxy as well, keep OPENAI_API_KEY=OPENAI_API_KEY in your .env and then replace this with the real key inside the proxy. It wouldn't need to know anything about endpoints or services.