Writing · 2026-07-07Tokyo · Incoming Cambridge HSPS

spent an hour last night chasing a bug that was never a bug

a stale copy of the same api key in an env file caused a machine-only failure until secrets moved to one OS-backed store.

TL;DR

last night’s bug was a stale copy of the same api key. code read the stale value, so it worked on one machine and failed everywhere else.

why did this look like a bug at all?

it took an hour to chase because the failure read like code trouble. the same api key lived in three places: two env files and my head, and one of those copies had gone stale.

i was reading the fresh value while the code was reading the stale one. that split made the behavior look random even though the cause was plain once the mismatch was visible.

what was actually wrong with the setup?

the problem was duplicate truth. when one value exists in more than one place, it becomes hard to know which copy is real at the moment the app runs.

that is how something can work on my machine and fail everywhere else. the machine used the copy I was looking at, while the code followed the stale copy in the env file.

what changed after the fix?

the fix was boring on purpose. secrets moved into one OS-backed store, and env files were left for config only.

that gave me one canonical place to check when something breaks. it also removed the plaintext copy sitting in a file waiting to get committed.

what is the actual lesson here?

if a secret lives in two spots, it stops being a secret and starts being a guess. the hard part is usually not the code path, it is the disagreement between copies.

the cleaner setup is the one that leaves no doubt about where the real value lives. once there is a single source of truth, debugging gets much shorter.

FAQ
why did this work on my machine but fail everywhere else?

because the code was reading a stale copy while you were checking a fresh one. the mismatch made the local result look fine and the rest of the environment fail.

what was the real fix?

move the secret into one OS-backed store and keep env files for config only. that removes the duplicate copy problem and gives you one place to inspect.

why is having the same secret in two places a problem?

because you lose certainty about which value the app actually uses. once copies drift, debugging turns into guesswork.

More writing