Blog

Practical writing for developers who care about their tools.

18 articles

March 21, 202613 min readSumit Khanna

12 Million .env Files Were Exposed. Here's What Developers Get Wrong.

Researchers found over 12 million publicly accessible .env files leaking database passwords, API keys, and cloud credentials. Here's how it happens, what attackers do with the data, and how to fix it.

env file exposedleaked environment variablesenv file security

March 19, 202614 min readSumit Khanna

SlickEnv vs Doppler vs dotenv-vault: Which Is Right for Your Team?

An honest comparison of three popular .env management tools: SlickEnv, Doppler, and dotenv-vault. Pricing, encryption model, CLI experience, and team fit compared side by side.

slickenv vs dopplerdotenv-vault alternativedoppler alternative

March 16, 202610 min readSumit Khanna

Securing Your .env in the Age of Autonomous Code Agents

A practical guide to keeping your secrets safe when AI agents have full access to your codebase. Strategies for the agentic development era.

agentic coding securityAI agent env file best practicessecure env workflow AI

March 10, 20269 min readSumit Khanna

You Gave Your AI Agent Full Access. Did You Think About Your .env?

AI coding agents like Claude Code and Cursor have full terminal and file system access. They can read, modify, and delete your .env files. Most people never think about this.

claude code securityAI coding agent env fileagentic coding risks