We have a new security team at work. I’m working on a new site using Bedrock and they’ve flagged the use of environment variables for passwords as a no-no.
To be honest, I was kind of and started looking into it myself. After reading some, the arguments against the practice seem pretty sound.
I searched here but couldn’t find any discussion on the subject (though I probably just didn’t enter the correct incantation into the search box).
Would be interested to hear if this has been discussed by the Roots team/community. If so, and continuing to use ENV vars was decided upon, I’d be interested to hear the arguments in favor. Perhaps I could use them to convince our security team to let me be.