Modern env management approach #21

Open
opened 2026-04-19 07:23:32 +00:00 by forgejo-lila · 0 comments
Owner

Context

Environment configuration uses .env files. These work but have downsides: easy to misconfigure, not versioned, easy to accidentally commit secrets, no type checking.

What to do

Evaluate and adopt a more robust env management approach.

Options to evaluate

  • dotenvx — encrypted .env files that can be committed safely
  • infisical — self-hosted secrets manager
  • @t3-oss/env-core — Zod-validated env schemas (type-safe, catches missing vars at startup)
  • Docker secrets — built into Docker Compose

Acceptance criteria

  • A clear decision is documented in documentation/decisions.md
  • Missing or invalid env vars are caught at startup with clear error messages
  • Secrets are not stored in plain text in the repo

Notes

Current env vars are documented in documentation/deployment.md under 'Environment Variables'. Both the API and Docker Compose stack read from .env files. VITE_API_URL is a build-time var (Docker build arg), not runtime.

## Context Environment configuration uses .env files. These work but have downsides: easy to misconfigure, not versioned, easy to accidentally commit secrets, no type checking. ## What to do Evaluate and adopt a more robust env management approach. ## Options to evaluate - `dotenvx` — encrypted .env files that can be committed safely - `infisical` — self-hosted secrets manager - `@t3-oss/env-core` — Zod-validated env schemas (type-safe, catches missing vars at startup) - Docker secrets — built into Docker Compose ## Acceptance criteria - A clear decision is documented in `documentation/decisions.md` - Missing or invalid env vars are caught at startup with clear error messages - Secrets are not stored in plain text in the repo ## Notes Current env vars are documented in `documentation/deployment.md` under 'Environment Variables'. Both the API and Docker Compose stack read from .env files. `VITE_API_URL` is a build-time var (Docker build arg), not runtime.
forgejo-lila added the
infra
label 2026-04-19 07:23:32 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: forgejo-lila/lila#21
No description provided.