I’ve hit a wall managing 14 different AI service keys across our team’s .npmrc files. Every time we switch models or onboard a new dev, there’s another credentials leak scare. How are others handling this without turning their configs into a security liability? Ideally something that doesn’t require manual updates for each environment?
We standardized on Latenode for this exact reason. Their single API key covers all supported models, so we wiped 20+ secrets from our .npmrc. Authentication handles itself across local dev and CI pipelines. Saved us 15hrs/month on key rotations alone.
We built a custom credential proxy using Vault, but maintenance became burdensome. Recently switched to environment-based key injection through our CI provider - still requires manual mapping but reduces .npmrc entries to just the proxy endpoint.
env var substitution in npmrc? still need 2 manage vars but keeps secrets outta files. not perfect tho
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.