How we got rid of .env

sync async your own voice dude !!!

I am stuck on retrieving this on the sst python template. Can we create an LLM to assist with configurations for SST ?

I fell for it. Magical number "👍 420" - this guy

Dude, I hit like and subscribe, and I feel a weight lifting off my mind already

😕

Just dont have a secret 🎉🎉🎉

I don't get it, where is the database? are you hosting it as a service? And how can SST access my aws account without the keys? I'm so confused

I dint fall for it

.env is only meant for local development. Who pushes it to production???? Storing them elsewhere would be a open up the attack surface, and would still end up in memory. I don't see the benefits for local development.

wouldn't it be easier if you'd only use a .env for local development and .gitignore it? any deployment platform these days will have a place where you can set the environment variables without messing with files (aws, vercel, etc...)

This video does a good job of highlighting what the problem is and why you should care, but very little in terms of what to do about it. An example would've gone a long way, eg gist screenshot etc

Yeah cool but what if I want to develop offline? Like in a plane, on the beach or in rural Germany?

Amazing video. Didn't understand anything

I almost agree. I think .env file for local dev works fine… but they should not be handled manually. If they are generated from the output from a iac-tool it works really well. I usually use pulumi to create my environments, then I can have a script reading the dev environment and generate the .env file for local development. For actual deployment I don’t use .env file, those should be set as proper env variables.

Sorry, but I missed the part where you actually showed how and where the secrets should be stored?

Please create a follow-up implementation video.

When setting up SST, where/how do I setup an env variable for each stage? Is that done in a one time CLI flow? Would love to know more about that step of the setup process 🙂

Cloud native dev lets goooo. This is so cool to see

Okay but how do I run everything locally if the secrets aren't on my machine?

I'm not sure I understood what sst does. Or rather, I find the intro of your video very misleading because what you offer is not a solution to get rid of .env files. It's a solution that only works if you want to deploy on the cloud (AWS if I understood the basics of SST). But many projects can't use cloud : that's our case for my job. We host things on our own (sometimes internal) servers.
I feel like there can't be really a better way than .env files. Or rather, any other way would share the same downsides you describe.

Think about nix flake and devenv

These issues were solved much earlier by HashiCorp Vault but that thing is a beast and takes some time to learn

T3 stack solve all these issues, right?

Second

We use sst to store our values in Parameter Store and its just perfect. Perfect to share to new developers, perfect to keep them updated all across the team if they change. Great Work !