
Ask HN: How do you manage env variables and secrets? - kulikalov
Man, I'm tired of this topic. I have gitlab CI, local environments, keychain, keepass, gcp, aws and a whole bunch of other places where some of my env variables are stored. Furthermore, Expo apps, for example, can't pull .env files, so I have to write bash scripts to create js files. This hurts my brain.

I want to have a cozy place where I store all my variables and secrets safely per project per environment. I want to share it with my team, CI servers etc. I want to just specify a single key: the environment title. And all the variables should be pulled from somewhere. Is there such a tool anywhere on the internet???
======
bchelli
Regarding Expo specifically: >>> I have to write bash scripts to create js
files. This hurts my brain.

There is an issue on Expo's GitHub about env management:
[https://github.com/expo/expo/issues/83](https://github.com/expo/expo/issues/83)

Now on a more general use case, I guess there are two types of applications:
- Client-side (like Expo): I would not store any "secret" for security
purposes, just configuration. You seem to use JS for your client-side so use
dotenv packages
([https://www.npmjs.com/package/dotenv](https://www.npmjs.com/package/dotenv),
[https://www.npmjs.com/package/dotenv-webpack](https://www.npmjs.com/package/dotenv-webpack), etc...)

- Server-side: Depending on your environment, CI, hosting you might have a
different solution, sadly not any one-fits-all solution to my knowledge.
Heroku provides a pretty straightforward solution, on my production
environment I use a configuration management, Chef's Data Bag but you could as
well use a service discovery like Consul, Zookeeper, Etcd, etc...

I hope this is a bit helpful.
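
The client-side advice above (configuration only, no secrets in the bundle), shown as an added example that is not part of the original thread or of any project mentioned in it: it builds the JS config module from `.env` text through an explicit allowlist. `PUBLIC_KEYS`, `parseEnv`, `buildClientConfig` and the sample variables are hypothetical names, and the `.env` content is constructed.

```javascript
// Added example: builds the JS config module for a client app from .env text.
// All names here are hypothetical; nothing below is an Expo or dotenv API.

// Only these keys may reach the client bundle (constructed allowlist).
const PUBLIC_KEYS = ['API_URL', 'APP_ENV'];

// Names that suggest a credential; an allowlisted key matching this is rejected.
const SECRET_HINT = /(SECRET|TOKEN|PASSWORD|PRIVATE|CREDENTIAL)/i;

// Minimal .env parser: KEY=value lines, '#' comments, optional quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue; // not a KEY=value line
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted = /^(["'])(.*)\1$/.exec(value);
    if (quoted) value = quoted[2];
    vars[key] = value;
  }
  return vars;
}

// Returns the source of a JS module holding only the allowlisted variables.
function buildClientConfig(envText, publicKeys = PUBLIC_KEYS) {
  const vars = parseEnv(envText);
  const config = {};
  for (const key of publicKeys) {
    if (SECRET_HINT.test(key)) {
      throw new Error(`refusing to expose ${key} to the client bundle`);
    }
    if (!(key in vars)) throw new Error(`missing required variable ${key}`);
    config[key] = vars[key];
  }
  // JSON.stringify quotes and escapes every value before it is written out.
  return `export default ${JSON.stringify(config, null, 2)};\n`;
}

// Constructed sample input; the values are placeholders.
const SAMPLE_ENV = `
# server-side only
DATABASE_PASSWORD="placeholder-not-a-real-password"
API_URL=https://api.example.test
APP_ENV='staging'
`;

console.log(buildClientConfig(SAMPLE_ENV));
```

Variables that are not on the allowlist never reach the generated module, so a secret added to the shared `.env` later stays out of the client build by default.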

------
sigmaprimus
>>> "I have to write bash scripts to create js files. This hurts my brain."

Not sure what you can do about this part, maybe aspirin?

But if you're ok with storing the keys to your accounts with a third party and
the risks that poses, maybe you could use something like git-secret?

[https://git-secret.io](https://git-secret.io)

------
gingerlime
plugging envwarden[0] - a tiny open source wrapper around Bitwarden[1] (also
open-source). Allows you to export secrets, write them to a .env file etc. And
you manage your secrets in the same place as your passwords.

[0] [https://github.com/envwarden/envwarden](https://github.com/envwarden/envwarden)

[1] [https://bitwarden.com/](https://bitwarden.com/)

------
danenania
We built EnvKey to solve this exact problem. Check it out -
[https://www.envkey.com](https://www.envkey.com)

