Skip to main content

Environment Variables With dotenv πŸ™Š

April 13, 2020
APISecurityNode
Environment variables are how you keep credentials like API keys secret when you upload your code to a public repository.

There are instances in an application where you need to be able to hide certain things from your GIT commits. Things like API keys that you can’t make publicly available. When that happens you need to have a way to insert a variable in place of those secret bits of information and have the definitions in a file that is only accessible to you.

That’s exactly what the dotenv package does. After you have followed the installation instructions in the docs you simply make a .env file and put your definitions in there.

dot env file

CLOUDINARY_CLOUD_NAME='theNameOfYourCloud'
CLOUDINARY_API_KEY='123456789'
CLOUDINARY_API_SECRET='123FakeKey456'

For example I have a use case for this right now where I am building a blog CMS application and implementing image uploads. To do this i’m connecting with a service called Cloudinary and I need to provide my API key in my code. If I just put the API in plain text and then commit my project to GIT my connection info will be available to everyone which is going to be a bad day for me.

Once I have put the above definitions into my .env file and configured the package correctly I can then go into my application and call that secret information like so.

// ***************************
// Cloudinary Config
// *************************** 
 cloudinary.config({ 
  cloud_name: process.env.CLOUDINARY_CLOUD_NAME, 
  api_key: process.env.CLOUDINARY_API_KEY, 
  api_secret: process.env.CLOUDINARY_API_SECRET
});

The .env file should be ignored by GIT by default, but I figure it doesn’t hurt to add it to the .gitignore file just in case, so I went ahead and did that. πŸ‘

Comments

Recent Work

Basalt

basalt.software

Free desktop AI Chat client, designed for developers and businesses. Unlocks advanced model settings only available in the API. Includes quality of life features like custom syntax highlighting.

Learn More

BidBear

bidbear.io

Bidbear is a report automation tool. It downloads Amazon Seller and Advertising reports, daily, to a private database. It then merges and formats the data into beautiful, on demand, exportable performance reports.

Learn More