There are instances in an application where you need to be able to hide certain things from your GIT commits. Things like API keys that you can’t make publicly available. When that happens you need to have a way to insert a variable in place of those secret bits of information and have the definitions in a file that is only accessible to you.

That’s exactly what the dotenv package does. After you have followed the installation instructions in the docs you simply make a .env file and put your definitions in there.

CLOUDINARY_CLOUD_NAME='theNameOfYourCloud'
CLOUDINARY_API_KEY='123456789'
CLOUDINARY_API_SECRET='123FakeKey456'

For example I have a use case for this right now where I am building a blog CMS application and implementing image uploads. To do this i’m connecting with a service called Cloudinary and I need to provide my API key in my code. If I just put the API in plain text and then commit my project to GIT my connection info will be available to everyone which is going to be a bad day for me.

Once I have put the above definitions into my .env file and configured the package correctly I can then go into my application and call that secret information like so.

// ***************************
// Cloudinary Config
// *************************** 
 cloudinary.config({ 
  cloud_name: process.env.CLOUDINARY_CLOUD_NAME, 
  api_key: process.env.CLOUDINARY_API_KEY, 
  api_secret: process.env.CLOUDINARY_API_SECRET
});

The .env file should be ignored by GIT by default, but I figure it doesn’t hurt to add it to the .gitignore file just in case, so I went ahead and did that. 👍