this post was submitted on 14 Jul 2026
804 points (98.8% liked)

Programmer Humor

32303 readers
1442 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] theneverfox@pawb.social 1 points 4 hours ago (1 children)

How do you bounce the system? How do you auto restart the service if it fails? At the end of the day, a lot of creds have to essentially be stored in plain text somewhere

And to be clear, to me production creds mean creds that live on the production system, not creds that give access to the production system

The crazier thing here is why was an AI working on or pushing to prod

[–] percent@infosec.pub 1 points 2 hours ago

not creds that give access to the production system

...Isn't that what we're talking about though? Or did I misunderstand the OP?

Regardless, I'll just clarify anyway: Developers should not have a plaintext .env that can be used to drop (or risk in any other way) production data.

A practice like that is only as strong as the "weakest" member of the team – "Weakest" could mean the person who is the least careful, or least experienced, or least secure work computer/practices, etc. Scale up to 1,000+ engineers and the chances of disaster (data loss, leaks, etc.) greatly increase. That's just the human factor. Add LLMs into the mix and it's almost guaranteed.