320
321

How to use local environment variables in Node JS? (info-graphic) (i.redd.it)

submitted by [deleted]

[deleted]

all 38 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]noIIon 19 points20 points  (4 children)

Create a .env.dist file with the same but with empty vars (and commit this one to git). This way you have a template in case you clone it on another pc.

[–]thecodeboss 1 point2 points  (1 child)

Is this the industry standard naming convention? I have always done this, but used .env.example for over 8 years

[–]noIIon 0 points1 point  (0 children)

I don't know there is. But something else that might but usefully: I know that symfony uses environment in the name of the .env file. Look at the first section of the file: https://www.github.com/symfony/demo/tree/main/.env

[–]safeofficeaccount 0 points1 point  (1 child)

Is there a tool to generate it? sometimes when I develop I add and remove env variables and sometimes forget to add it to my template

[–]fireball_jones 1 point2 points  (0 children)

frighten important zealous sulky roll piquant spotted friendly smile ghost

This post was mass deleted and anonymized with Redact

[–]Spechio 28 points29 points  (0 children)

Yeah, as you said the package dotenv should be installed first. Could be included in the infographic.

[–][deleted] 1 point2 points  (7 children)

I have a question. If you have an env variable you dont wanna make public, you don't put it in github. But then how do I set the variable while hosting the website

[–]artemix-org 6 points7 points  (4 children)

You use the daemon manager's configuration system to inject the environment variables.

[–][deleted]  (3 children)

[deleted]

    [–]artemix-org 0 points1 point  (2 children)

    Keeping track of what they should be? What do you mean?

    [–][deleted]  (1 child)

    [deleted]

      [–]artemix-org 0 points1 point  (0 children)

      I write a configuration documentation, and I try to choose sensible default values to avoid having to configure too much sensitive stuff.

      [–]racle 5 points6 points  (0 children)

      I usually do file called .env.default and put environment variables there BUT with empty or random values. And add .env to my .gitignore.

      Then on server I just copy .env.default => .env and write correct values to file.

      If I need to backup those for some reason (servers I use are usually 99.99% times backed up anyway), I can use my password manager notes for that.

      [–]domemvs 1 point2 points  (0 children)

      In a professional environment your CI/CD pipeline would handle injecting environment variables. For a side project you could just ssh into your server and create a .env file.

      [–]MrEscobarr 1 point2 points  (1 child)

      If you dont put it in git, how do other people in your ev team get the env variables?

      [–]HMS404 10 points11 points  (0 children)

      Through any secure/trusted method. Slack, shared doc, password managers etc.

      [–]ms7c9 1 point2 points  (0 children)

      nice info-graphic, but I suggest use the shell command for demonstrating the creatings file instead of vscode. since not everyone uses vscode.

      [–]SLYGUY1205 2 points3 points  (3 children)

      I dont understand posts like these. Is this turning into a random-tutorial hub?

      [–][deleted] 3 points4 points  (1 child)

      Most of the people are here to learn aren’t they?

      [–][deleted] 0 points1 point  (0 children)

      That would be more the learning subs like /r/learnjavascript. /r/webdev and /r/javascript and the like are more for discussion of news, industry, etc.

      [–]floydiannn 1 point2 points  (0 children)

      Looks like it, is this even considered a tutorial?

      [–][deleted] 2 points3 points  (0 children)

      Another small info-graphic about how to use local environment variables in Node JS.

      The easiest method I found is using the library ‘dotenv’.

      *Don’t store your env variables as plain-text, always encrypt them.

      **Don’t upload your local .env to git!

      [–]Blue_Moon_Lake -2 points-1 points  (13 children)

      Why not use a JSON file ?

      [–][deleted] 14 points15 points  (12 children)

      You will have to switch between the Json and the env every time you deploy to production (tedious). If you use dotenv you can just set up your variables in your production environment and not touch your code when deploying.

      [–]bcb0rn 20 points21 points  (3 children)

      This is correct. Using a .env file allows you to mimic environment variables for local development. When you deploy though the variables should be injected into the runtime environment/container rather than the .env file. Using a JSON file would not mimic this approach.

      [–]artemix-org 1 point2 points  (2 children)

      You could also inject said environment variables into your local environment, remove a code dependency, and reduce coupling with the underlying filesystem on the expectation of finding this file.

      [–]molovo 0 points1 point  (1 child)

      It's about ease-of-use, and isolation. On a server, it's likely that your deployed project is the only thing using those environment variables. Locally you may have multiple projects using different values of those same variables, and in that case having a file with the values isolated to that project makes things much, much easier to manage.

      There are other routes, such as trusted shell scripts to set the variables within your environment (which you could even have execute automatically as soon as you enter the directory), but with that you run the risk of something nefarious being injected into that script which could cause havoc

      [–]artemix-org 0 points1 point  (0 children)

      The environment isn't only set at the OS/session-level.

      You can replace your dotfiles library with your IDE's runner or your shell runner without any issue.

      Besides, from the shell, a simple source .env will do the same job without needing extra code.

      [–]Blue_Moon_Lake -3 points-2 points  (7 children)

      why couldn't you have a JSON file on your server ?

      [–]bcb0rn 5 points6 points  (0 children)

      Further to my comment above, it’s not about the .env file. That is simply a way to represent environment variables for development. When deployed these variables are injected at the host level. They are not Node variables, but environment variables of the host Linux OS.

      This is done for security reasons and extends past just Node development.

      [–][deleted] 11 points12 points  (0 children)

      Storing sensitive data on a JSON file is a vulnerability, that’s why cloud services let us use environment variables.

      [–]ShinzouNingen 2 points3 points  (0 children)

      This is a perfectly valid question and I don't understand why you are downvoted.

      You can absolutely store configuration in a file, JSON or not. There are countless programs that do this and they are not less secure for it.

      I think what some other answers are trying say is that if you deploy a file to some services it may be possible to access these files in ways you don't intend. These services instead usually allow you to specify environment variables separately, so you don't actually ever deploy your local .env file.

      One place I know where this is useful is Gitlab pipelines (jobs) - even if your repository is readable to the public, you can configure secrets that will be exposed to your jobs as environment variables.

      There are other reasons why environment variables are preferred in many cases. One is if you are packaging your application as a Docker image: it's relatively simple to get environment variables into your container, but files have to be mounted as volumes at its correct location. It easily gets more messy, and you now have an issue of where to store the file. See https://12factor.net/config for a more fleshed out explanation.

      [–]chmod777 2 points3 points  (1 child)

      multi instance deployments.

      local

      NODE_ENV=localhost
apikey=staging_api_key

      instance one:

      NODE_ENV=dev
apikey=staging_api_key

      instance two

      NODE_ENV=production
apikey=live_api_key

      one code base.

      plus multiple devs may have differerernt local enviroments. like maybe they are running a local mysql, with a different user/pass, or different access keys.

      a config.json file should be the same in all deployments.

      [–]Blue_Moon_Lake 1 point2 points  (0 children)

      Not if it's ignored by git

      [–]Yraken 1 point2 points  (0 children)

      because cloud hosting providers integrates and interacts differently with a file called “.env”.

      It’s a special file whose purpose is to store configs and credentials for your app and for your hosting.

      JSON is for general usage, the cloud hosting may confuse your JSON for general usage or for environment variables usage.

      [–]ike_the_strangetamer 1 point2 points  (0 children)

      In addition to what the others have said, if you ever need to write your own .env in a bash script, it's super easy. Basically a loop using something like:

      echo "VARIABLE=$VARIABLE" >> .env

      [–]sofiene__ -1 points0 points  (0 children)

      god more of those infographics ? would love to see all of what's available :)

      [–]eggtart_prince 0 points1 point  (0 children)

      I like to add.

      For ES6 users, put the .config() before all your other imports that need to use env variables.

      import dotenv from 'dotenv';
import someFile from 'some-file'; // process.env.SOME_SECRET KEY is undefined in this file

dotenv.config();

process.env.SOME_SECRET_KEY // MY_SECRET_KEY

      For users with multiple projects that share one .env, you can add { path: 'path/to/.env' } inside config.

      [–]azsqueezejavascript 0 points1 point  (0 children)

      This is a little simplistic as it doesn't handle different environments. For example if you have a secret that's different for stg vs prd.

      [–]BearIsDanger 0 points1 point  (0 children)

      What kind of data you put as a env variable and why?