Getting started with dotenv and .env files
What are dotenv and .env?
.env
is a dotfile which developers can use to store environment variables for use in various code projects. It is beneficial to learn more about the specifics of and the format of a .env
file, as environment variables are rather common in software development. The basic syntax for environment variables within a .env
file is simply KEY=value
.
Check the parser rules below for a more detailed explanation.
dotenv
is an npm package that simplifies usage of .env
files.
How to use dotenv
Installing it as a dependency
Including it in a JavaScript source file
Referencing environment variables
dotenv parser rules
Empty lines are skipped
Lines beginning with
#
(comments) are ignored by the parserBASIC=basic
becomes{BASIC: 'basic'}
Empty values become empty strings -
EMPTY=
becomes{EMPTY: ''}
Inner quotes are maintained -
JSON={"foo": "bar"}
becomes{JSON:"{\"foo\": \"bar\"}"
Surrounding whitespace is removed from unquoted values (
FOO= some_value
becomes{FOO: 'some_value'}
)Single and double quoted values maintain surrounding whitespace -
FOO=" some_value "
becomes{FOO: ' some_value '}
Double quoted values expand escaped newlines -
MULTILINE="new\nline"
becomes
.gitignore the .env
Read more about ignoring files in git on the GitHub documentation.
Ignore files are used in many different Open Source repositories. Since we are working with blockchains and cryptocurrency, it is imperative to point out the security implications of this method. This prevents git from checking in the .env file to a public repository. If you are using a different code versioning system, there will be different requirements.
Create a file named .gitignore
in the same directory as the project package.json
and explicitly name the .env
file on a line by itself within that .gitignore
file.
This is an important step to safeguarding any API keys, seed phrases or other sensitive information placed inside a .env
file from being inadvertently sent to a public code repository on the internet, where they would immediately become vulnerable with a high likelihood of being scraped by bots.
Last updated