mleku on Nostr: secrets should be preferably set by environment variables, as they can't be seen by ...
secrets should be preferably set by environment variables, as they can't be seen by other users on the system, if they are in commandline, they appear in the ps or top view, and files can be seen by any process with permission to see them, so if another process of the user is breached it can read files, though of course generally you need to define the env from a file
my preferred method of configuration is to put everything into environment variables, because command line flags are bullshit and environment is universally available and simple... so i made a config system that scans file locations (based on XDG spec) and if it fins a specifically named file for the app, it reads it as though it is a list of environment KEY=value and this overrides everything else, if it doesn't find that, it uses the environment variables or their prescribed defaults
this gives you the flexibility to use a config file, or to inject the configuration into the environment, which is very easy to do with docker et al
my preferred method of configuration is to put everything into environment variables, because command line flags are bullshit and environment is universally available and simple... so i made a config system that scans file locations (based on XDG spec) and if it fins a specifically named file for the app, it reads it as though it is a list of environment KEY=value and this overrides everything else, if it doesn't find that, it uses the environment variables or their prescribed defaults
this gives you the flexibility to use a config file, or to inject the configuration into the environment, which is very easy to do with docker et al