985: Stop putting secrets in .env

Scott and Wes are joined by Phil Miller and Theo Ephraim to talk about Varlock, a new approach to environment variables that adds schemas, validation, and security to the humble .env file. They dig into the risks of traditional env workflows, how schema-driven configs improve DX, and how tools like Varlock help manage secrets safely across frameworks, CI, and AI-powered workflows.Show Notes00:00 Welcome to Syntax!03:15 The Risks of .env Files04:58 Introducing Varlock: A Unified Solution06:56 Schema-Driven Environment Variables11:47 Integrating with Various Frameworks14:08 Brought to you by Sentry.io14:32 Cross-Language Compatibility17:50 Best Practices for Environment Variables21:11 Security Features of Varlock25:02 AI Integration and Environment Variables29:12 Introduction to Varlock and GitHub Actions32:45 Secrets Management and Best Practices36:09 The Future of Varlock and Open Source38:36 Sick Picks + Shameless PlugsSick PicksPhil: Bela.ioTheo: Wonder ManShameless PlugsPhil: nauticalartifactsTheo: howtostore.foodHit us up on Socials!Syntax: X Instagram Tiktok LinkedIn ThreadsWes: X Instagram Tiktok LinkedIn ThreadsScott: X Instagram Tiktok LinkedIn ThreadsRandy: X Instagram YouTube Threads.