Introduction
Environment variables are a cornerstone of modern application configuration. They keep secrets out of code and allow different configurations for different environments. This guide covers best practices for managing environment variables securely.
What are Environment Variables?
Environment variables are key-value pairs available to your application at runtime:
DATABASE_URL=postgres://localhost:5432/mydb
API_KEY=secret123
NODE_ENV=productionBest Practices
✅ Do This
1. Use .env files for development
# .env
DATABASE_URL=postgres://localhost:5432/devdb
API_KEY=dev-key-1232. Never commit .env files
# .gitignore
.env
.env.local
.env.*.local3. Validate on startup
const required = ["DATABASE_URL", "API_KEY"];
required.forEach((key) => {
if (!process.env[key]) {
throw new Error(`Missing required env var: ${key}`);
}
});4. Use different files per environment
.env.development
.env.staging
.env.production❌ Don’t Do This
1. Don’t commit secrets
// ❌ Never!
const API_KEY = "secret123";2. Don’t use defaults for secrets
// ❌ Dangerous
const apiKey = process.env.API_KEY || "default-secret";Tools
Use our tools:
- Environment Variable Diff Tool - Compare .env files
Conclusion
Environment variables provide:
Benefits:
- Security
- Flexibility
- 12-factor compliance
- Easy configuration
Remember:
- Never commit secrets
- Validate required vars
- Use different files per environment
- Document required variables
Next Steps
- Compare files with Env Diff Tool
- Learn Security Best Practices
- Explore Configuration Management