DEV Community

Luke Harris
Luke Harris

Posted on

Managing dotenv files in git repositories

Sometimes your project needs access to sensitive information like an access token or database password. Maybe your project needs some configuration like a hostname or a port to run on.

If so then it is likely that you are at least aware of the dotenv file. If not see this great medium article on Managing environment variables in Node.js – Rafael Vidaurre – Medium.

The big problem with storing sensitive information inside a git repository is that you could push and leak these keys (more so for open source projects). Because of this most gitignore file templates include all files with .env extensions as a precaution.

Now security is out of the way, what about convenience. When you first clone a project that depends on a .env file you have to A) know the environment variables that the project expects or B) copy from an env example file or readme and fill in the contents manually.

This could be much more streamlined which is why I have published an npm package envup.


This tool allows you to create an env.json file in the root of your project containing the contents of your environment file and then configure it with one command.

This allows you to keep your env file ignored and also make it easy for others to configure their environment too!

Top comments (9)

bengreenberg profile image
Ben Greenberg

Thats a super helpful tool! I've created a couple projects that require a .env file and when someone's cloned it, I've had to walk them through what variables were required. This is much more streamlined and simpler. Thanks!

karfau profile image
Christian Bewernitz • Edited

I don't get something here: we do not put .env under version control, to avoid leaking secrets, but then you put the data to put into the file into another file to generate it.

Why is this not defeating the purpose of not storing this data in version control?

bdmason profile image

It's instead of copying, renaming, and editing .env.example.

You don't put sensitive info in the json file, just defaults. When you run envup the interactive cli asks you to enter all the values.

I got that from the screenshot; it could be explained a little further in the article.

gijovarghese profile image
Gijo Varghese

There is a much better way to set environment variables in NodeJS. I've written a detailed post - How I Setup Environment Variables in NodeJS. No, it’s not β€œdotenv”

mgrachev profile image
Grachev Mikhail

In addition to using environment variables I can recommend the tool β€” it’s a lightning-fast linter forΒ .env files. Written in Rust.
Maybe it would be useful for you.

david_j_eddy profile image
David J Eddy

For the fellow PHP'ers out there, here is an amazing .env library. Add two lines to your applications init logic and you're off to the races.

_bigblind profile image
Frederik πŸ‘¨β€πŸ’»βž‘οΈπŸŒ Creemers

This looks cool! I'll use that in my next project. Can the env.json also be generated from an existing .env file?

luk707 profile image
Luke Harris

Not currently but that could be very useful, I'll add an issue and get round to this at some point!

gabedunn profile image
Gabe Dunn

Just added this to my project, works great!
Thanks :)