0 points
digitaltrees
1mo ago
Dude, AI has been shown to execute queries on coworkers' env files, extract master keys, decrypt variables and push to production.
3 comments · 1 top-level
cpursley
1mo ago
Why are important push secrets in a dev env config? Btw human devs make this same mistake all the time.
digitaltrees
OP
1mo ago
umm lots of providers have cli tools: ‘heroku run rails db:drop --app {name}’ railway, fly.io etc. so unless you don’t ever use their cli tools locally there’s a vector. Plus CI/CD might also have credentials to do things like run migrations.
cpursley
1mo ago
Well that’s a developer problem, then. We use fly but prod secrets are not saved locally.