985: Stop putting secrets in .env

Scott and Wes are joined by Phil Miller and Theo Ephraim to talk about Varlock, a new approach to environment variables that adds schemas, validation, and security to the humble .env file. They dig into the risks of traditional env workflows, how schema-driven configs improve DX, and how tools like Varlock help manage secrets safely across frameworks, CI, and AI-powered workflows.


Show Notes



00:00 Welcome to Syntax!


03:15 The Risks of .env Files


04:58 Introducing Varlock: A Unified Solution


06:56 Schema-Driven Environment Variables


11:47 Integrating with Various Frameworks


14:08 Brought to you by Sentry.io



14:32 Cross-Language Compatibility


17:50 Best Practices for Environment Variables


21:11 Security Features of Varlock


25:02 AI Integration and Environment Variables


29:12 Introduction to Varlock and GitHub Actions


32:45 Secrets Management and Best Practices


36:09 The Future of Varlock and Open Source


38:36 Sick Picks + Shameless Plugs



Sick Picks


Phil: Bela.io


Theo: Wonder Man




Shameless Plugs


Phil: nauticalartifacts


Theo: howtostore.food




Hit us up on Socials!

Syntax: X Instagram Tiktok LinkedIn Threads

Wes: X Instagram Tiktok LinkedIn Threads

Scott: X Instagram Tiktok LinkedIn Threads

Randy: X Instagram YouTube Threads