martinszeltins's avatar

Where should I store my .env file?

OK, so I know that we should never commit our .env files to the git repository. But where should I keep it then? What if I need to move my development to another computer? What if I lose my computer? Does that mean my .env file will also get lost?

What is the best practice for this?

0 likes
6 replies
Snapey's avatar

Things like database credentials should be different from one install to another.

For external services like S3, log in to the service and get a new API key.

Secrets that you create yourself, store in a password manager like LastPass.

martinszeltins's avatar

@snapey If I store my secrets in a password manager then how could I automate my deployment? Don't I need to copy and replace my local dev .env file with the production .env file with all the secrets when I'm deploying to a production server?

Snapey's avatar

Yes, you will need a .env file on the server that is not overwritten.

It depends ENTIRELY on how you deploy.

martinszeltins's avatar

@snapey I should have mentioned that I'm using Docker. So when a new build is built all the files need to get packaged into a build image. Maybe there's a way to do this using Docker that I'm not aware of.

laracoft's avatar

@martinzeltin

I think what you are actually asking is, how do I back up my .env?

  1. Git is meant for versioning/tracking changes, backup is kind of a side-effect of tracking
  2. Most docker images are configured to map/mount files to its host. This allows image updating without overwriting existing data. Which image are you using?
  3. My simple answer would be to perform a proper backup of the server/dev machine
  4. To be more detailed, Bitwarden, the password manager, actually allows one to store all kinds of notes and data; you could technically paste the whole .env into one of its entries

Hope that helps.

ishahzeb's avatar

To configure your shared hosting, or any version control system (GIT), for the .env file, make sure that only the public folder is accessible from outside and that nothing in your root folder can be accessed from outside. If you are technical enough to change these settings on your own then good, otherwise go for VPS and cloud hosting.

Other than that, one of the reasons for an unsecured .env file could be the wrong access rights for your .env file. Make sure that CHMOD for your .env file is 400 or 440 so that it can not be accessed from outside the public folder.

"CHMOD is the command and system call which is used to change the access permissions of file system objects"

Hope this will help.
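The checks raised in this thread (mode 400 or 440, nothing outside `public/` reachable, `.env` kept out of git and out of the Docker build), gathered into one audit script. This is an added example, not code from any poster; the project layout (`<project>/.env`, `<project>/public/`, `.gitignore`, `.dockerignore`) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit where a project's .env lives and who can read it.
# Assumed layout (not from the thread): <project>/.env, <project>/public/,
# plus <project>/.gitignore and <project>/.dockerignore.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds if ignore file $1 has a line that is exactly ".env" or "/.env".
ignores_env() {
    [ -f "$1" ] && grep -Eq '^/?\.env[[:space:]]*$' "$1"
}

# Print one finding per line for project directory $1; return 1 if any.
audit_env() {
    dir=$1
    findings=0
    if [ ! -f "$dir/.env" ]; then
        echo "missing: $dir/.env"
        return 1
    fi
    mode=$(file_mode "$dir/.env")
    case "$mode" in
        400|440) ;;  # owner (and optionally group) read-only
        *) echo "mode: .env is $mode, expected 400 or 440"; findings=1 ;;
    esac
    # A copy inside the web root would be served like any static file.
    if [ -e "$dir/public/.env" ]; then
        echo "webroot: a copy of .env sits inside public/"; findings=1
    fi
    # .gitignore keeps it out of commits, .dockerignore out of image builds.
    for f in .gitignore .dockerignore; do
        if ! ignores_env "$dir/$f"; then
            echo "ignore: $f does not list .env"; findings=1
        fi
    done
    return $findings
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then audit_env "$1"; fi
```

With `.env` excluded from the image, the container has to receive it at run time, for example through a file mounted from the host as described in the reply above.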
