Closed mathiasfoster closed 3 years ago
Just saw this. Apologies for the delay, @mathiasfoster. (Notifications turned on going forward.)
Good questions. I can give you my word the architecture has been designed in a way that heavily prioritizes security. This includes a dedicated vault for secrets - separate from the business logic databases. This also includes a hook in that dedicated vault infrastructure that will permit you to eventually bring your own vault.
But there is no documentation/whitepapers for all this yet, so I do not expect you to take my word. I would not in your position. That documentation is coming soon.
In the meantime, could you reply back to me at the invitation email you received? I would be happy for us to get on a Zoom call and show you the security and vault architecture directly.
Hi @mathiasfoster:
Documentation has come together.
Here is a Security Overview: https://docs.dotenv.org/v1/security/overview
And here is documentation on the various security aspects of Dotenv Sync: https://docs.dotenv.org/v1
I've been accepted to the Beta for Dotenv Sync, but I'm reluctant to use it until I understand more about how it works.