.env-
Overview: What “.env” files are and why they matter
.env files (often named .env) store environment variables for applications—configuration values like API keys, database URLs, feature flags, secrets, and environment-specific settings. They let you separate configuration from code so the same codebase can run in development, staging, and production with different values.
Key benefits:
- Keeps configuration out of source code.
- Simplifies per-environment setup.
- Makes secrets easy to swap without changing code.
- Works well with 12-factor app principles.
Secret with special characters (quoted)
API_KEY="aB3!kL#9@mN"
5.1 Manual Parsing (Low-level)
The application reads the file, parses each line, and calls setenv() or the language's equivalent.
5.3 Framework Integration
Many frameworks include built-in .env support:
- Laravel (PHP)
- Django with django-environ
- Ruby on Rails (via Figaro or dotenv-rails)
- Spring Boot (uses application.properties, but can read .env via plugins)
4) Precedence and layering
When multiple dotenv-style files are used, libraries or frameworks typically define a precedence order. Examples:
- Base .env
- .env.local (developer-specific overrides, usually gitignored)
- .env.development / .env.production (environment-specific)
- .env.production.local (environment-specific local overrides)
- Files named like ".env-" variants follow the same principle if explicitly loaded by tooling; otherwise they may be ignored.
Common Libraries:
- Node.js: dotenv
- Python: python-dotenv
- Go: godotenv
8) Best practices
- Commit a .env.example with placeholder values and documentation for required keys.
- Add all actual .env files and any patterns that match backups (e.g., .env-, .env.) to .gitignore.
- Use secret management for production and inject secrets at runtime (CI/CD, orchestration, or container runtime).
- Rotate secrets regularly and remove old .env backups from systems and repositories.
- Use clear naming conventions: prefer dot-separated suffixes (.env.production) for compatibility with many frameworks, but be consistent if you use dashes (".env-production" or ".env-").
- Document environment variable purpose and allowed values in README or a dedicated config doc.
3.1 Basic Rules
- Key-Value pairs: KEY=value (no spaces around = unless part of the value).
- Comments: Lines starting with # are ignored.
- Empty lines: Ignored.
- Quoting: Optional for simple strings; double or single quotes can preserve spaces or special characters.
- Variable expansion: Some parsers support $VAR_NAME to reference previously defined variables.
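A minimal parser for the rules above, as an added example (not code from the original page or from any dotenv library): it shows that the quoted API_KEY value keeps its # because only lines that start with # are comments, and that a line with spaces around = is rejected rather than guessed at. Assumptions: the name parse_dotenv, the constructed sample text, single-quoted values being left unexpanded, and undefined $VAR_NAME references expanding to an empty string.

```python
import re

# Constructed sample input; the API_KEY line is the quoted-secret example from this page.
SAMPLE = """\
# database settings
DB_HOST=localhost
DB_URL=postgres://$DB_HOST:5432/app

API_KEY="aB3!kL#9@mN"
GREETING='hello $DB_HOST'
DB_PORT = 5432
"""

_LINE = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)=(.*)$')   # KEY=value, no space before '='
_VAR = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')          # $VAR_NAME reference


def parse_dotenv(text, base=None):
    """Return (variables, rejected_line_numbers) for .env-style text.

    `base` holds variables defined earlier (for example by a lower-precedence
    file); keys parsed here override it.
    """
    env = dict(base or {})
    rejected = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):    # empty lines and comment lines are ignored
            continue
        m = _LINE.match(line)
        if not m:                               # malformed line: report it, do not guess
            rejected.append(lineno)
            continue
        key, value = m.group(1), m.group(2)
        quote = value[:1]
        if len(value) >= 2 and quote in ('"', "'") and value.endswith(quote):
            value = value[1:-1]                 # quotes preserve spaces, '#', '!' and similar
        else:
            quote = ''
        if quote != "'":                        # assumption: single-quoted values are literal
            value = _VAR.sub(lambda v: env.get(v.group(1), ''), value)
        env[key] = value
    return env, rejected
```

A caller doing the manual loading described in 5.1 would copy the returned dict into the process environment (os.environ in Python) and fail startup if the rejected list is not empty.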
1. The Explicit Path (Best Practice)
Do not use multiple files in the root directory. Instead, use a single .env file and load different paths programmatically.
# Wrong
.env-production