docbrown
commented
2 months ago Here's an archived version of Environment Variables Considered Harmful for Your Secrets as the original website seems to be down.
Open joho opened 2 years ago
docbrown
commented
2 months ago Here's an archived version of Environment Variables Considered Harmful for Your Secrets as the original website seems to be down.
As of June 2022 I'm declaring godotenv roughly complete and will not be accepting feature requests, nor pull requests adding new functionality or breaking API changes.
Exceptions will be made to:
I have two main reasons for wrapping up active development of this library.
The first is that I'm no longer an enthusiastic supporter of the philosophy of the 12 factor app. I've been working with microservices for quite a long while now, and I find critiques such as Environment Variables Considered Harmful for Your Secrets and Why you shouldn't use ENV variables for secret data very compelling.
This library's purpose was always to make it easier to do active development of microservices that are deployed to 12 factor environments. The library as it stands today does a reasonable job of that, but I see feature requests/PRs come in that expand the scope to better support the packaging and distribution of env files as general purpose config, which I see as a footgun waiting to go off with someone's secrets.
The second is that I'm no longer as active a library maintainer as I once was. I've now got two kids, the timing of the first one coincides with the general decline in my review/comment rate on this repo.
I'm not seeking a new maintainer because:
I'm on annual leave right now and am spending some of that time clearing the backlog of pull requests and issues.
If after this month I close an issue or PR, it will likely be because it doesn't meet my criteria above.