Create a new file named .env based on the sample. On Linux/Mac/Terminal: cp .env.sample .env
```
# ==============================================================================
# APPLICATION CONFIGURATION
# ==============================================================================
NODE_ENV=development
PORT=8080
APP_URL=http://localhost:8080

# ==============================================================================
# DATABASE CONFIGURATION
# Use "postgresql" or "mysql" for DB_CLIENT
# ==============================================================================
DB_CLIENT=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=your_database_user
DB_PASSWORD=your_database_password
DB_NAME=my_app_dev

# ==============================================================================
# THIRD-PARTY API KEYS
# Get your keys at https://stripe.com and https://sendgrid.com
# ==============================================================================
STRIPE_API_KEY=sk_test_replace_with_your_actual_key
SENDGRID_API_KEY=SG.replace_with_your_actual_key

# ==============================================================================
# SECURITY & AUTHENTICATION
# Generate a random 32-character string for the secret
# ==============================================================================
JWT_SECRET=your_jwt_secret_phrase_here
```

Key Elements to Notice:
```
API_KEY=
DB_HOST=
DB_USER=
DB_PASS=
MODE=
```
Using a sample file streamlines the "onboarding" process for new team members and prevents application crashes that occur when required variables are missing. Tools like Spotenv can even help automate the generation of these templates.
A bad sample file is just a list of KEY=. A great sample file is a work of documentation. Here is the anatomy of a professional .env.sample:
```
WEB_PORT=8080
DB_PORT=5432
```
Use linters or pre-commit hooks that scan your codebase or compare keys between .env and .env.sample to throw an error if they do not match.

Never Put Real Production Secrets in the Sample
```
# Database Configuration
# Format: postgresql://[user[:password]@][netloc][:port][/dbname]
DATABASE_URL=postgresql://user:password@localhost:5432/mydb
```
A developer introduces a new feature requiring a REDIS_URL, adds it to their personal .env, but forgets to add REDIS_URL= to the .env.sample. The application crashes for everyone else on the next git pull.

The Solution: Make .env.sample updates a mandatory checkbox on your Pull Request (PR) templates. If a code change introduces a new environment dependency, the PR must include the updated template.

Pitfall 3: Not Explaining Cryptic Formats
Instead of leaving a value blank, use a placeholder like your_api_key_here so it's obvious what goes there.
```
STRIPE_SECRET_KEY=pk_test_placeholder
SENDGRID_API_KEY=SG.dummy-key
```
Even a .env.sample can be dangerous if developers treat it as a scratchpad. Never put real data into a sample file.
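One way to implement the key comparison between .env and .env.sample described above, extended to catch a real value copied into the sample. This is an added example, not code from the original page: the script layout, the SENSITIVE name pattern and the demo values are assumptions, and inline `#` comments after a value are not parsed.

```python
import re
import sys
from pathlib import Path

# Assumed naming convention for keys that hold credentials.
SENSITIVE = re.compile(r"SECRET|PASS|TOKEN|KEY", re.I)
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

# Constructed sample input, used only when no real files are present.
DEMO_ENV = "PORT=8080\nJWT_SECRET=constructed-local-value\nREDIS_URL=redis://localhost:6379\n"
DEMO_SAMPLE = "# App\nPORT=8080\nJWT_SECRET=constructed-local-value\n"


def parse_env(text):
    """Return {key: value} from dotenv-style text, skipping comments and blanks."""
    pairs = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            pairs[m.group(1)] = m.group(2).strip().strip("'\"")
    return pairs


def check(env_text, sample_text):
    """Compare .env with .env.sample and return a list of findings."""
    env, sample = parse_env(env_text), parse_env(sample_text)
    findings = [f"{k}: set in .env but missing from .env.sample"
                for k in sorted(env.keys() - sample.keys())]
    findings += [f"{k}: listed in .env.sample but not set in .env"
                 for k in sorted(sample.keys() - env.keys())]
    for k in sorted(env.keys() & sample.keys()):
        # Same non-empty value on a credential-like key means a real
        # secret was pasted into the committed template.
        if SENSITIVE.search(k) and env[k] and env[k] == sample[k]:
            findings.append(f"{k}: .env.sample holds the same value as .env")
    return findings


if __name__ == "__main__":
    env_file, sample_file = Path(".env"), Path(".env.sample")
    if env_file.exists() and sample_file.exists():
        problems = check(env_file.read_text(), sample_file.read_text())
    else:
        problems = check(DEMO_ENV, DEMO_SAMPLE)
    for p in problems:
        print(f"env check: {p}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

The same-value finding also fires when a local .env still carries the unchanged placeholder, which is worth knowing before the application starts with it.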
.env files are simple text files that store environment variables for a project. They contain key-value pairs of variables and their corresponding values, which are then loaded into the application's environment. This way, sensitive information is kept separate from the codebase, reducing the risk of exposure.