Comment by graemep 3 days ago

> Curious what extra protection this gives you, considering the environment variables are, well, in the environment, and can be read by process.

Look at it this way. What does putting things in a .env file get you over putting them in a local settings file? Both are readable by any process running as a user that can read those files, both are within the project directory and might be accidentally committed.

It also makes it easier to have a setup where secrets cannot be read by other software - e.g. this: https://www.theregister.com/2026/01/28/claude_code_ai_secret...