NEWNow open source & self-hostable. Star us on GitHub →

Articles

Guides, tutorials, and best practices for secure secrets management and environment variables.

Security12 min

Are .env Files Still Safe for Secrets in 2026?

Environment variables sit in plain text, leak through logs, crash dumps, Docker layers, and AI agents. Here's what to use instead — with migration examples.

By Nicolas Ritouet
Best Practices14 min

Best Doppler Alternatives for Secrets Management (2026)

Compare the best Doppler alternatives for secrets management: Keyway, Infisical, HashiCorp Vault, 1Password, dotenvx, and SOPS. Feature comparison, pricing, and migration guides.

By Nicolas Ritouet
Guide12 min

Best dotenv Alternatives for 2026

Move beyond .env files. Compare modern dotenv alternatives: Node.js --env-file, dotenvx, Keyway, Doppler, Infisical, and more. With migration examples.

By Nicolas Ritouet
Best Practices15 min

Environment Variables Best Practices for Developers

The complete guide to environment variable best practices: naming conventions, validation, security, per-environment configs, team sharing, CI/CD, and a security checklist.

By Nicolas Ritouet
Guide10 min

Fastify + Railway: How We Actually Manage Environment Variables

Our real workflow for managing environment variables in a Fastify 5 API deployed on Railway. No .env file on disk, Zod validation, Pino secret redaction, Railpack builds, and keyway run for zero-trust secrets injection.

By Nicolas Ritouet
Best Practices8 min

Why New Developers Spend Day 1 Hunting for Secrets

A new dev joins your team, clones the repo, runs npm install, then npm run dev. Nothing works. The next 3 hours are spent asking for credentials on Slack. Here's how to fix this.

By Nicolas Ritouet
Company4 min

Will Keyway Shut Down?

A fair question. You've been burned before. Here's why Keyway isn't going anywhere, and what happens if it does.

By Nicolas Ritouet
Story5 min

Why I Built Keyway

After 25 years of coding, working on dozens of projects with countless collaborators, I kept seeing the same problem everywhere - sharing environment variables is still broken. So I built a fix.

By Nicolas Ritouet