There's something deeply satisfying about a .env file. No dashboards, no vendor lock-in, no surprise pricing emails. Just keys and values, readable by humans and machines alike. Plain text configuration has been the backbone of developer workflows for decades, and honestly, it's not going anywhere. But here's the thing β just because plain text can handle your auth configuration doesn't mean it should . I've been on both sides of this, and after migrating three projects from hand-rolled JWT setups to managed auth services last year, I have opinions. Let's break down when plain text config is the right call, when a managed auth service makes more sense, and how the major players stack up. The Plain Text Approach: Rolling Your Own The classic setup looks something like this.β¦
