You must never upload your actual .env-development , .env-staging , or .env-production files to GitHub, GitLab, or Bitbucket. If your repository is public, automated bots will scrape your API keys within seconds, potentially costing you thousands of dollars in cloud bills. Add them to your .gitignore file immediately:
(on server, not in Git):
Or so they thought. This one wasn't in Git. It was just sitting there. On the live server. Its last modification date: June 3rd, 2019. The day before the Series A funding closed. You must never upload your actual
When you first build a small application, you might get away with a single .env file. However, as soon as you collaborate with others or deploy your app to the cloud, a single file creates massive friction. This one wasn't in Git