Store sensitive configuration (API keys, database passwords) in environment variables instead of code. Keep in mind what this does and does not protect: the values stay out of the repository, but they are not encrypted at rest or in the process. Any process running as the same user (and root) can read them from /proc/<pid>/environ, child processes inherit them, and they are easily dumped into logs or crash reports, so lock down the application user and never log the full environment.
Why?
- Secrets stay out of version control
- Easy to change between environments
- Industry best practice (12-factor app methodology)
Using .env Files
Create a .env file:
```
DB_HOST=localhost
DB_NAME=myapp
DB_USER=myuser
DB_PASS=secret
APP_KEY=random-32-char-string
```

Add .env to .gitignore; never commit secrets. The usual companion is a committed .env.example that lists the same keys with placeholder values, so new environments know what to fill in. Restrict the real file to its owner (mode 0600), since anything group- or world-readable on a shared host is effectively public, and generate values such as APP_KEY from a cryptographically secure random source rather than typing something "random" by hand.
Loading in Applications
- Node.js: use the dotenv package
- Python: use python-dotenv
- PHP: use vlucas/phpdotenv

In their default (non-overriding) mode, all three leave variables that are already set in the process environment untouched, so values injected by the deployment platform or the service manager take precedence over the file. Load the file as early as possible in startup, before any module reads the configuration, and treat a missing required key as a startup failure rather than letting it surface later as a crash or a silently empty credential.
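To make the loading step concrete, here is an added example (written for this page; it is not code from the page or from dotenv, python-dotenv or phpdotenv): a small Python loader that mirrors the libraries' default behaviour, existing variables win and no shell-style expansion is performed, and adds the two checks a practitioner wants on top, refusing a .env that other users can read and failing fast on missing required keys. SAMPLE_ENV is constructed sample input; the function and variable names are this example's own.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Constructed sample .env (not from the original page). It exercises comments,
# an "export" prefix, quoted values, an inline comment and an empty value.
SAMPLE_ENV = """\
# database settings
DB_HOST=localhost
DB_NAME=myapp
export DB_USER=myuser
DB_PASS="s3cret with spaces"   # inline comment after a quoted value
APP_KEY='0123456789abcdef0123456789abcdef'
EMPTY=
"""

_ASSIGNMENT = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_dotenv(text: str) -> dict:
    """Parse KEY=VALUE lines. Blank lines and '#' lines are skipped; a quoted
    value is taken verbatim up to the closing quote; an unquoted value loses a
    trailing ' # comment'. No variable expansion ('$HOME' stays literal)."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _ASSIGNMENT.match(line)
        if not match:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = match.group(1), match.group(2).strip()
        if value[:1] in ("'", '"'):
            closing = value.find(value[0], 1)
            if closing == -1:
                raise ValueError(f"unterminated quote: {raw!r}")
            value = value[1:closing]
        else:
            value = value.split(" #", 1)[0].rstrip()
        result[key] = value
    return result


def check_permissions(path: Path) -> None:
    """Refuse a secrets file that group or world can read or write."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:04o}; expected 0600")


def load_dotenv_file(path, environ=None, override=False, required=()) -> dict:
    """Load `path` into `environ` (os.environ by default); return what was
    applied. Existing variables win unless override=True, as in the dotenv
    libraries' default, so platform-injected values beat the file. A
    `required` key that is absent or empty raises instead of failing later."""
    path = Path(path)
    environ = os.environ if environ is None else environ
    check_permissions(path)
    applied = {}
    for key, value in parse_dotenv(path.read_text()).items():
        if override or key not in environ:
            environ[key] = value
            applied[key] = value
    missing = [k for k in required if not environ.get(k)]
    if missing:
        raise KeyError(f"missing required settings: {', '.join(missing)}")
    return applied


def validate_app_key(key: str, min_length: int = 32) -> bool:
    """Reject short keys and the placeholders people tend to leave behind."""
    placeholders = {"", "secret", "changeme", "random-32-char-string"}
    return len(key) >= min_length and key.lower() not in placeholders


def demo() -> dict:
    """Write SAMPLE_ENV to a temporary 0600 file, load it into an environment
    where the platform already set DB_HOST, then confirm that a world-readable
    copy of the same file is refused. Returns the observations."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".env"
        path.write_text(SAMPLE_ENV)
        path.chmod(0o600)
        env = {"DB_HOST": "db.internal"}  # pre-set: must not be overridden
        applied = load_dotenv_file(
            path, env, required=("DB_HOST", "DB_PASS", "APP_KEY"))
        path.chmod(0o644)  # now group/world readable: must be rejected
        try:
            load_dotenv_file(path, {})
            rejected = False
        except PermissionError:
            rejected = True
    return {"env": env, "applied": applied,
            "rejected_world_readable": rejected,
            "app_key_ok": validate_app_key(env["APP_KEY"])}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The permission check runs before the file is parsed, so a misconfigured deployment fails at startup instead of quietly serving with a secret that every local account could read. Calling `load_dotenv_file` with `override=False` (the default) is what makes the pre-set DB_HOST survive in the demo; pass `override=True` only in local development where the file is meant to be authoritative.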
Systemd Services

For a service managed by systemd, point the unit at the file instead of loading it in the application:

```
[Service]
EnvironmentFile=/var/www/myapp/.env
```

systemd itself reads the file when it starts the service, before switching to the unit's User=, so the file can be owned by root with mode 0600 and still be used by a service that runs as an unprivileged user; the application never needs read access to the file on disk, only to its own environment. The file is parsed by systemd, not sourced by a shell, so shell features such as variable references and command substitution are not evaluated, and values are taken literally. Prefixing the path with a dash (EnvironmentFile=-/path) makes a missing file non-fatal, which is convenient for optional overrides but hides a missing secrets file until the application fails, so leave it off for the file that holds required credentials.