985: Stop putting secrets in .env

Scott and Wes are joined by Phil Miller and Theo Ephraim to talk about Varlock, a new approach to environment variables that adds schemas, validation, and security to the humble .env file. They dig into the risks of traditional env workflows, how schema-driven configs improve DX, and how tools like Varlock help manage secrets safely across frameworks, CI, and AI-powered workflows. Show Notes 00:00 Welcome to Syntax! 03:15 The Risks of .env Files 04:58 Introducing Varlock: A Unified Solution 06:56 Schema-Driven Environment Variables 11:47 Integrating with Various Frameworks 14:08 Brought to you by Sentry.io 14:32 Cross-Language Compatibility 17:50 Best Practices for Environment Variables 21:11 Security Features of Varlock 25:02 AI Integration and Environment Variables 29:12 Introduction to Varlock and GitHub Actions 32:45 Secrets Management and Best Practices 36:09 The Future of Varlock and Open Source 38:36 Sick Picks + Shameless Plugs Sick Picks Phil: Bela.io Theo: Wonder Man Shameless Plugs Phil: nauticalartifacts Theo: howtostore.food Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads