About
It’s important to understand how Envless works before using it in real projects. Here’s a brief overview of how it functions and how to get started.
This page extracts some of key details of the first official blog article where our founder and CEO, Benjamin Fazli, talks about the idea behind it. Read the full blog-post article.
Why Envless?
Most companies and developers today heavily rely on .env variables and similar methods to manage, access, and deploy applications with their secrets. And we must admit, they are cool, and easy to setup unless you’re looking to scale and build an ecosystem around them. You will quickly face all kinds of problems doing it this way.
And that’s where Envless comes in. We wanted to create a tool that would allow developers to build and deploy their applications without worrying about the environment variables.
What are .env variables, app secrets?
Environment variables, or app secrets as they are referred to by the development community, are a way to define key-value pairs of public or secret data that can be accessed by the application at any point. The idea is reusability and easy switching of them for different environments, such as staging, development, and production.
Why are they a pain?
The idea of the .env file is old, dating back to 2012 when some libraries in different programming languages had packages to work with them. They were integrated that early and never looked back. Anyway now that is our job, let’s see why they are a pain and why we shouldn’t use environment or app secret variables this way in 2024.
Not decentralized. So everyone on the team working on the project should have a copy of those variables, which means if one of the team members adds a variable that other team members don’t have, it can lead to unexpected outputs. The variables are not synced in any way, and there is no control over how they are defined, so this responsibility falls on the developers.
Variables are not real data types; instead, they are all string values. This means if you want to use boolean or integer values, you need to manage those in the process, which is very complex and can easily lead to unexpected behavior and break the application.
Not type-safe. If you are using TypeScript, by default, they come without types, so you won’t know anything about their availability or the state of the types of the variables you use.
They are unencrypted, so sharing them between team members or cloud providers in any form is very risky and can expose important variables to the public.
They are an easy target for malware in several ways. If they are deployed to your GitHub account, they can be exposed easily. If a virus infects your computer, these files can be discovered, parsed, and stolen. Additionally, if you accidentally expose them somewhere, bots search the internet for such variables and can find and exploit them.
What’s next?
We have fixed all these problems and more with Envless. We have created a tool that allows you to manage your environment variables in a secure, decentralized, and type-safe way with an eco system of ease of use and scalability. Let’s see how you can get started with Envless.
Was this page helpful?