Environment Variable Cheat Sheet

The essential patterns for managing .env files, reading variables in Node.js, and common pitfalls.

Syntax

environments-and-security
// .env file | process.env | validation patterns

Example

environments-and-security
// .env file (NEVER commit to git)
DATABASE_URL=postgres://user:pass@localhost:5432/mydb
API_KEY=sk-abc123
NODE_ENV=development
PORT=3000

// .env.example (ALWAYS commit — shows required vars)
DATABASE_URL=
API_KEY=
NODE_ENV=development
PORT=3000

// Reading in Node.js
import 'dotenv/config';
const dbUrl = process.env.DATABASE_URL;
if (!dbUrl) throw new Error('DATABASE_URL is required');

// .gitignore — always include:
.env
.env.local
.env.production

// Environment tiers
// development  → .env.local
// staging      → CI/CD secrets
// production   → secret manager (AWS Secrets Manager, Vault)