DEV Community

Discussion on: How to manage Local vs Dev vs Prod settings/configs in React?

tiguchi profile image
Thomas Iguchi • Edited on

I would keep .env or other local configuration files out of version control. Add those files to .gitignore (in case you're using git) so they cannot ever be accidentally committed. Create a template with comments and explanations for your config file which can be customized by each developer working on the project (e.g. .env.template). That template file can be added to version control.

I would use a CI server such as Jenkins for building and deploying environment specific versions of your project. There are plenty of plugins and features that allow you to take full control over the build process.

One of those features is storing local configuration files such as .env files right in your CI server's database. You can add staging and production build configuration files to your CI server, and set up a build script that:

  1. Checks out a fresh copy of your project
  2. Adds the correct config file for the current build type to it
  3. Builds and deploys the project

This has the following advantages:

  • Not everyone on your dev team (or your client) really needs to know about all secrets and details that are stored in local configuration files. You keep them out of source control. Specifically the production secrets should be confidential
  • An accidental source code leak does not mean that you have to renew all your 3rd party API keys and secrets

Minor downside:

  • You need to add a CI server to your mix and learn how to set it up and how to write build scripts