The .env
file, pronounced ‘dot ee en vee’, is often used in development to protect important passwords or API tokens from ending up in production environments. It’s not even what the pro-pro’s use, but it’s a good-enough solution for our purposes.
Click to hear pronunciation.
And if you’re curious how I made the above recording, check out this ChatGPT convo.
The dotenv
package in npm
allows us to bring the .env
file’s contents into Node’s process
object and access them in our script environment. You can accomplish this with a one-liner at the top of your code and then access any of the variables like so:
// starting in .env file...
API_KEY="skajhgfiuifuhbdkjbn" # some bogus api key
// and then in say, script.js...
require('dotenv').config()
const API_KEY = process.env.API_KEY
console.log(API_KEY)
// outputs skajhgfiuifuhbdkjbn
Now the API_KEY
variable in the Node script will contain the value of the API_KEY
variable from the .env
file.
As long as we include the .env
file in our .gitignore
, its contents will remain safely on our local computer, and whoever we share the code with can create their own .env
file after they clone our repo. You’ll often see instructions for .env
files in a repo’s README.