Environment Variable Cheat Sheet
The essential patterns for managing .env files, reading variables in Node.js, and common pitfalls.
Syntax
environments-and-security
// .env file | process.env | validation patternsExample
environments-and-security
// .env file (NEVER commit to git)
DATABASE_URL=postgres://user:pass@localhost:5432/mydb
API_KEY=sk-abc123
NODE_ENV=development
PORT=3000
// .env.example (ALWAYS commit — shows required vars)
DATABASE_URL=
API_KEY=
NODE_ENV=development
PORT=3000
// Reading in Node.js
import 'dotenv/config';
const dbUrl = process.env.DATABASE_URL;
if (!dbUrl) throw new Error('DATABASE_URL is required');
// .gitignore — always include:
.env
.env.local
.env.production
// Environment tiers
// development → .env.local
// staging → CI/CD secrets
// production → secret manager (AWS Secrets Manager, Vault)