by digitaltrees 38 days ago
Dude, AI has been shown to execute queries on coworkers' env files, extract master keys, decrypt variables and push to production.

Why are important push secrets in a dev env config? Btw human devs make this same mistake all the time.
Umm, lots of providers have CLI tools: ‘heroku run rails db:drop --app {name}’, railway, fly.io etc. So unless you don’t ever use their CLI tools locally there’s a vector. Plus CI/CD might also have credentials to do things like run migrations.
Well that’s a developer problem, then. We use fly but prod secrets are not saved locally.
So you can’t ssh into the pg or database?