Sometimes your project needs access to sensitive information like an access token or database password. Maybe your project needs some configuration like a hostname or a port to run on.
If so then it is likely that you are at least aware of the dotenv file. If not see this great medium article on Managing environment variables in Node.js – Rafael Vidaurre – Medium.
The big problem with storing sensitive information inside a git repository is that you could push and leak these keys (more so for open source projects). Because of this most gitignore file templates include all files with
.env extensions as a precaution.
Now security is out of the way, what about convenience. When you first clone a project that depends on a
.env file you have to A) know the environment variables that the project expects or B) copy from an env example file or readme and fill in the contents manually.
This could be much more streamlined which is why I have published an npm package envup.
This tool allows you to create an
env.json file in the root of your project containing the contents of your environment file and then configure it with one command.
This allows you to keep your env file ignored and also make it easy for others to configure their environment too!