. By separating execution configurations from raw source code, it prevents sensitive information leakages and guarantees application flexibility across staging, testing, and production states.
The framework sets an internal variable, usually NODE_ENV , to "development" .
require('dotenv').config( path: './.env.development' );
// ✅ Use a backend proxy endpoint app.post('/api/create-checkout', (req, res) => // Server-side only — keys never leave the server const session = await stripe.checkout.sessions.create(...); ); .env.development
Variables are defined in a simple KEY=VALUE format.
: This is a security vulnerability that can expose API keys and database credentials to the entire world if your repository becomes public.
DATABASE_NAME=my_app_prod LOG_LEVEL=error require('dotenv')
Double-check your framework’s specific prefix rules. If you are using Vite, ensure it starts with VITE_ . If you are using Next.js, ensure it starts with NEXT_PUBLIC_ . Without these prefixes, build tools intentionally strip the variables out of the client bundle to protect your backend secrets.
✅ are usually optional unless the value contains spaces.
const apiConfig = baseURL: process.env.API_ENDPOINT_DEV, headers: 'Authorization': `Bearer $process.env.API_KEY_DEV`, , ; If you are using Vite, ensure it starts with VITE_
# ========================================== # DATABASE CONFIGURATION # ========================================== DB_HOST=localhost DB_USER=root # ========================================== # THIRD-PARTY APIS (SANDBOX ENVS) # ========================================== PAYMENT_GATEWAY_URL="https://gateway.com" Use code with caution. Troubleshooting Common Issues "Changes to my .env.development file aren't appearing!"
function App() const apiUrl = process.env.REACT_APP_API_URL; const isDebug = process.env.REACT_APP_DEBUG === 'true';
Managing application configuration across different environments is a foundational challenge in modern software development. Hardcoding sensitive credentials or system-specific endpoints directly into source code introduces security vulnerabilities and compromises code portability.
: Verify that the file is in the absolute root directory of your project, not buried inside a src or public folder. Git Tracking Conflicts