Local secrets handling

Purpose

This page describes how local secrets are handled during development.

For the overall strategy and rationale, see ADR-010 (Secrets Management Strategy).

Local development

Each repository contains a .env.example file.

To create your local configuration:

1. Copy .env.example to .env

2. Replace placeholder values with your local values

3. Keep the .env file on your machine only

Example:

cp .env.example .env

The .env file is ignored by Git and must never be committed to the repository.

Scope — Local development only

.env files are only intended for local development.

They must not be used for:

• CI pipelines

• Production deployments

• Shared team environments

Related stories

CI secrets

Secrets used during CI execution are managed separately through GitHub Actions secrets.

See: #126 – CI Secrets

Runtime / Deployment secrets

Secrets used in deployed environments are managed separately through the runtime secret store.

See: #127 – Runtime Secrets