0

I have a question

Why should we use env to store important data instead of json

As far as I know json can do it, evn can also do it, and evn can do it with json . Or when is it better to use json and when is it better to use evn, because I think the functions of the two are almost the same. (I’m not sure if this is the case)

I have read a lot of information, but there is no answer that I am satisfied with

I don’t know if this question is very simple, I hope you can answer it, thank you

ben1020
  • 102
  • 1
  • 2
  • 7
  • 1
    Environment variables are not used because they are more capable or because plain objects could not store sensitive information, but because [using an environment variable helps avoid checking sensitive information into version control](https://stackoverflow.com/questions/12461484/is-it-secure-to-store-passwords-as-environment-variables-rather-than-as-plain-t). – D M Nov 16 '21 at 14:25
  • 1
    This is likely just about where to store secrets. If your secrets are stored in a file, is that file also checked into your code repository? Designing your program so that secrets can be passed in ephemerally via the environment is a better treatment of secrets, particularly with things like Docker containers. – Wyck Nov 16 '21 at 14:25
  • Yes, but as someone said in the comments below,So i don’t understand what encryption can be done by doing this, unless manually "wait a minute: if you store the credential inside of an environment variable, they need to get there first. Either by hand, or by script. In order to automate startup of your software, I would recommend a script. But guess what, then you need to store them in a config file (for env variables) nonetheless. Unless you are not providing values for env variables by hand, I can see no security difference to config files. – math Jun 30 '20 at 6:38" – ben1020 Nov 16 '21 at 14:35
  • 1
    The difference is that your startup script is not checked into version control with your application. Again, it's not that you cannot do it with config files and a .gitignore, just that it makes it less likely that you will erroneously publish sensitive information if it's not in the repo to begin with. Also, consider that you may have a development environment, a staging environment, a beta environment, and a production environment; all of which may connect to separate resources. Maintaining all those config files and which one is active is error prone as well. – D M Nov 16 '21 at 20:39

0 Answers0