DEV Community

Discussion on: Stop Using .env Files Now!

Collapse
 
fluffynuts profile image
Davyd McColl

From your description, I think you've seen some bad practices, so here goes:

  1. the .env file should never be committed to the repo -- it should be in your .gitignore!
  2. there are supplementary files which you can commit to use in dev, eg .env.development or .env.example which could be used to set up a dev environment. .env.example would contain a bunch of lines like VARIABLE= with no value set, so that a dev could copy that to .env locally and set the appropriate values.
  3. you don't need .env in your docker container - the whole point is that these files specify environment variables, if they aren't already set. In other words, your prod runtime could just have these variables set by the launcher somewhere (eg via config in your deployment tool (we use Octopus) which is spat out somewhere.
  4. if any of these values are defined via environment variables, those environment variables take precedence, so another way to have this config opaque is to have it defined as part of env vars for the user running the process.

I don't have a problem with config servers, just that I think if you'd seen good practices upheld with .env files, you may not fear them as much.

Collapse
 
twysto profile image
TwystO • Edited

Exactly the response I was about to write, you saved me some time bro!
Never commit your .env (.env with secrets inside should be in you .gitignore) but commit a .env.example with empty values.