985: Stop putting secrets in .env
Syntax - Tasty Web Development Treats · Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
Audio is streamed directly from the publisher (traffic.megaphone.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Scott and Wes are joined by Phil Miller and Theo Ephraim to talk about Varlock, a new approach to environment variables that adds schemas, validation, and security to the humble .env file. They dig into the risks of traditional env workflows, how schema-driven configs improve DX, and how tools like Varlock help manage secrets safely across frameworks, CI, and AI-powered workflows.
Show Notes
- 00:00 Welcome to Syntax!
- 03:15 The Risks of .env Files
- 04:58 Introducing Varlock: A Unified Solution
- 06:56 Schema-Driven Environment Variables
- 11:47 Integrating with Various Frameworks
- 14:08 Brought to you by Sentry.io
- 14:32 Cross-Language Compatibility
- 17:50 Best Practices for Environment Variables
- 21:11 Security Features of Varlock
- 25:02 AI Integration and Environment Variables
- 29:12 Introduction to Varlock and GitHub Actions
- 32:45 Secrets Management and Best Practices
- 36:09 The Future of Varlock and Open Source
- 38:36 Sick Picks + Shameless Plugs
Sick Picks
- Phil: Bela.io
- Theo: Wonder Man
Shameless Plugs
- Phil: nauticalartifacts
- Theo: howtostore.food
Hit us up on Socials!
Syntax: X Instagram Tiktok LinkedIn Threads
Wes: X Instagram Tiktok LinkedIn Threads