nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs did you reply to the wrong thread? I don’t know what this has to do with not storing secrets in envvars

Point is it will be secure in other ways. In fact it won't matter if the Ditto server gets pwned. Users keep their own private keys which they use to encrypt events themselves. There's nothing to leak. All you could harm is the server admin, not the users. It will be 10x more secure.

Discussion

nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs oh, I see. I was only trying to pass along the general info that secrets in envvars is bad, I wasn’t interpreting it strictly in the context of Ditto.

Sounds like Ditto doesn’t really have any secrets then, so the general advice doesn’t apply to that use case.