The reasons to not use environment variables weren't super compelling. I'm coding ground-up support for envvars in Ditto, because it caused nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs a lot of pain trying to deploy Rebased in k8s as-is.
nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs ok, but understand that means all the secrets are effectively on disk at /proc/self/environ. An arbitrary file read (like the two recent Pleroma issues) means full secret disclosure.
I would really recommend against it.
Ditto will only support uploading through s3 and it won't support XML. It will even crash if you try to configure the media domain the same as the root domain.
Security through instability?
nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1sat3yl2hv2df5xmuqj75gvzfmvyxs5x36vaur9jwvjzejtx7y2hskp27a4 nostr:npub1ycnhgr56efxcpvhu7q0er9gqjqttpwhgqgjfgjaj7gpfea5g6xhq4zgshs Where should secrets be stored if not in a file? Do you just mean use an encrypted file always, to store secrets in?
You can get leaks from both env variables and from secret files. It might seem easier to get them out of env variables, but you’re really looking for a similar exploit vector.
The only way to really be secure is pretty complex: using a tool like Vault to rotate secrets, and that gets super annoying and you often have to write your tooling around your rotation tool.
