Environment Variables Guide
Best practices for environment variables: common patterns, platform-specific loading, and security, for managing configuration across environments.
Environment Types
Development: Local testing, debug enabled
DEBUG=true, LOG_LEVEL=debug
Staging: Pre-production testing
API_URL=https://staging.api.com
Production: Live environment
DEBUG=false, LOG_LEVEL=error
Testing: CI/CD tests
MOCK_API=true
Common Variables
DATABASE_URL: Database connection string
API_KEY: External API authentication
SECRET_KEY: App secret for encryption
PORT: Server port number
NODE_ENV: Node environment mode
LOG_LEVEL: Logging verbosity
JWT_SECRET: JWT signing secret
REDIS_URL: Redis connection
Platform-Specific Loading
.env file: dotenv package, local development
require("dotenv").config()
Vercel: Environment variables in dashboard
Auto-loaded, accessible
Docker: docker-compose.yml or -e flag
environment:
  - KEY=value
Kubernetes: ConfigMaps and Secrets
envFrom: configMapRef
AWS: Parameter Store, Secrets Manager
AWS SDK retrieval
GitHub Actions: Repository secrets
env:
  KEY: ${{ secrets.KEY }}
Best Practices
Never commit .env to git
Add .env to .gitignore
Use .env.example for documentation
Different values per environment
Encrypt secrets in production
Rotate secrets regularly
Use secret management tools
Validate required variables
Use typed configuration
Don't expose secrets in logs
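The last three practices above (validate required variables, use typed configuration, keep secrets out of logs), as an added example that is not part of the original page: a Node.js loader for the variables listed under Common Variables. SCHEMA, loadConfig and redact are hypothetical names, and the allowed NODE_ENV and LOG_LEVEL values and the defaults are assumptions.

```javascript
// Added example; names, enum lists and defaults are assumptions, not a library API.
const SCHEMA = {
  DATABASE_URL: { type: "url", secret: true },
  API_KEY: { type: "string", secret: true },
  SECRET_KEY: { type: "string", secret: true },
  JWT_SECRET: { type: "string", secret: true },
  PORT: { type: "port", default: "3000" },
  NODE_ENV: { type: "enum", values: ["development", "staging", "production", "test"] },
  LOG_LEVEL: { type: "enum", values: ["debug", "info", "warn", "error"], default: "info" },
  DEBUG: { type: "bool", default: "false" },
};

const PARSERS = {
  string: (v) => v,
  url: (v) => new URL(v).toString(), // throws on a malformed URL
  port: (v) => {
    const n = Number(v);
    if (!Number.isInteger(n) || n < 1 || n > 65535) throw new Error("not a port");
    return n;
  },
  bool: (v) => {
    if (v !== "true" && v !== "false") throw new Error("expected true or false");
    return v === "true";
  },
  enum: (v, rule) => {
    if (!rule.values.includes(v)) throw new Error("expected " + rule.values.join("|"));
    return v;
  },
};

function loadConfig(env = process.env) {
  const config = {}, errors = [];
  for (const [name, rule] of Object.entries(SCHEMA)) {
    const raw = env[name] ?? rule.default;
    if (raw === undefined || raw === "") { errors.push(`${name}: missing`); continue; }
    try { config[name] = PARSERS[rule.type](raw, rule); }
    catch (e) { errors.push(`${name}: invalid (${rule.secret ? "value hidden" : e.message})`); }
  }
  // Report every problem at once; raw values are never echoed back.
  if (errors.length) throw new Error("Invalid environment:\n  " + errors.join("\n  "));
  // The page's production row sets DEBUG=false, so refuse the opposite.
  if (config.NODE_ENV === "production" && config.DEBUG) throw new Error("DEBUG must be false in production");
  return Object.freeze(config);
}

// Copy that is safe to log: secret fields are masked, the rest kept.
function redact(config) {
  return Object.fromEntries(Object.entries(config).map(([k, v]) => [k, SCHEMA[k]?.secret ? "[REDACTED]" : v]));
}
```

Call loadConfig() once at startup, after the platform has populated process.env, and pass redact(config) rather than the config object to any logger.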
.env Example
# Database
DATABASE_URL=postgresql://user:pass@host:5432/db
# API Keys
API_KEY=your_api_key_here
SECRET_KEY=your_secret_here
# App Config
PORT=3000
NODE_ENV=development
LOG_LEVEL=debug
Security Tips
Never log secrets
Use different keys per environment
Encrypt in transit
Use secret managers (Vault, AWS Secrets Manager)
Audit secret access
Rotate on schedule
Don't embed in code
Use CI/CD secrets
Separate config from secrets
Minimum privilege access