You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is there an existing issue that is already proposing this?
I have searched the existing issues
Is your feature request related to a problem? Please describe it
.env files are really good for development purposes, but for production purposes, they could mean a security issue, because, if an attacker gains access to application's files, they will be able to get sensitive data for the functionality of any application using @nestjs/config module.
Said this, the support for .env files should be configurable.
Describe the solution you'd like
Add a property in the module options for avoiding to load .env files, so environment variables are only retrieved from the Operating System.
Is there an existing issue that is already proposing this?
Is your feature request related to a problem? Please describe it
.env
files are really good for development purposes, but for production purposes, they could mean a security issue, because, if an attacker gains access to application's files, they will be able to get sensitive data for the functionality of any application using@nestjs/config
module.Said this, the support for
.env
files should be configurable.Describe the solution you'd like
Add a property in the module options for avoiding to load
.env
files, so environment variables are only retrieved from the Operating System.Teachability, documentation, adoption, migration strategy
No response
What is the motivation / use case for changing the behavior?
The motivation of adding this feature is improving the security of Nest.js applications in production environments.
The text was updated successfully, but these errors were encountered: