nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs did you reply to the wrong thread? I don’t know what this has to do with not storing secrets in envvars
Discussion
Point is it will be secure in other ways. In fact it won't matter if the Ditto server gets pwned. Users keep their own private keys which they use to encrypt events themselves. There's nothing to leak. All you could harm is the server admin, not the users. It will be 10x more secure.