[{"data":1,"prerenderedAt":219},["ShallowReactive",2],{"blog-glossary/environment-variable":3},{"id":4,"title":5,"body":6,"category":195,"date":196,"dateModified":196,"description":197,"draft":198,"extension":199,"faq":200,"featured":198,"headerVariant":204,"image":205,"keywords":205,"meta":206,"navigation":207,"ogDescription":208,"ogTitle":205,"path":209,"readTime":210,"schemaOrg":211,"schemaType":212,"seo":213,"sitemap":214,"stem":215,"tags":216,"twitterCard":217,"__hash__":218},"blog/blog/glossary/environment-variable.md","What are Environment Variables? Secrets Management",{"type":7,"value":8,"toc":186},"minimark",[9,21,26,29,33,46,55,59,94,103,107,133,155,174],[10,11,12],"tldr",{},[13,14,15,16,20],"p",{},"Environment variables store configuration and secrets outside your code. Instead of hardcoding API keys, you reference variables like ",[17,18,19],"code",{},"process.env.API_KEY",". This keeps secrets out of git, lets you use different values in development vs production, and makes it easy to rotate credentials without changing code.",[22,23,25],"h2",{"id":24},"the-simple-explanation","The Simple Explanation",[13,27,28],{},"Your code needs to connect to a database. Instead of writing the password directly in your code (where anyone can see it), you put it in an environment variable. Your code reads the variable at runtime, and the actual secret never appears in your source files.",[22,30,32],{"id":31},"how-to-use-them","How to Use Them",[34,35,37],"prompt-box",{"title":36},".env file",[13,38,39,40],{},"DATABASE_URL=postgresql://user:password@localhost/mydb\nSTRIPE_SECRET_KEY=sk_test_abc123\nNEXT_PUBLIC_API_URL=",[41,42,43],"a",{"href":43,"rel":44},"https://api.example.com",[45],"nofollow",[34,47,49,52],{"title":48},"Accessing in code",[13,50,51],{},"// Node.js / JavaScript\nconst dbUrl = process.env.DATABASE_URL;",[13,53,54],{},"// Python\nimport os\ndb_url = os.environ.get('DATABASE_URL')",[22,56,58],{"id":57},"best-practices","Best Practices",[60,61,62,70,76,82,88],"ul",{},[63,64,65,69],"li",{},[66,67,68],"strong",{},"Never commit secrets:"," Add .env to .gitignore",[63,71,72,75],{},[66,73,74],{},"Create .env.example:"," Show required variables with placeholder values",[63,77,78,81],{},[66,79,80],{},"Validate at startup:"," Fail early if required variables are missing",[63,83,84,87],{},[66,85,86],{},"Use different values per environment:"," Development, staging, production",[63,89,90,93],{},[66,91,92],{},"Prefix client-side variables:"," NEXT_PUBLIC_ or VITE_ for browser access",[95,96,97],"warning-box",{},[13,98,99,102],{},[66,100,101],{},"Security note:"," Variables prefixed with NEXT_PUBLIC_ or VITE_ are exposed to the browser. Never put secret keys in client-accessible variables.",[22,104,106],{"id":105},"common-patterns","Common Patterns",[60,108,109,115,121,127],{},[63,110,111,114],{},[66,112,113],{},"DATABASE_URL:"," Database connection string",[63,116,117,120],{},[66,118,119],{},"API_KEY / SECRET_KEY:"," Third-party service credentials",[63,122,123,126],{},[66,124,125],{},"JWT_SECRET:"," Secret for signing tokens",[63,128,129,132],{},[66,130,131],{},"NODE_ENV:"," development, production, or test",[134,135,136,143,149],"faq-section",{},[137,138,140],"faq-item",{"question":139},"What is the difference between .env and .env.local files?",[13,141,142],{},"The .env file typically contains default or example values and may be committed to git. The .env.local file contains actual secrets for local development and should never be committed. Most frameworks prioritize .env.local over .env when both exist.",[137,144,146],{"question":145},"Should I commit my .env file to git?",[13,147,148],{},"Never commit .env files with real secrets. Instead, commit a .env.example file with placeholder values that shows what variables are needed. Add .env and .env.local to your .gitignore file to prevent accidental commits.",[137,150,152],{"question":151},"How do environment variables work in production?",[13,153,154],{},"In production, environment variables are set through your hosting platform's dashboard or secrets management system, not through .env files. Platforms like Vercel, Netlify, Railway, and AWS have built-in ways to securely store and inject environment variables.",[156,157,158,164,169],"related-articles",{},[159,160],"related-card",{"description":161,"href":162,"title":163},"What you store in env vars","/blog/glossary/api-key","API Key",[159,165],{"description":166,"href":167,"title":168},"AI prompts to fix secrets","/blog/prompts/fix-exposed-api-keys","Fix Exposed API Keys",[159,170],{"description":171,"href":172,"title":173},"Protecting sensitive data","/blog/glossary/encryption","Encryption",[175,176,179,183],"cta-box",{"href":177,"label":178},"/","Start Free Scan",[22,180,182],{"id":181},"find-exposed-secrets","Find Exposed Secrets",[13,184,185],{},"Scan your repo for hardcoded credentials and API keys.",{"title":187,"searchDepth":188,"depth":188,"links":189},"",2,[190,191,192,193,194],{"id":24,"depth":188,"text":25},{"id":31,"depth":188,"text":32},{"id":57,"depth":188,"text":58},{"id":105,"depth":188,"text":106},{"id":181,"depth":188,"text":182},"glossary","2026-01-06","Learn what environment variables are, why they keep secrets safe, and how to use them properly. Essential security knowledge for developers.",false,"md",[201,202,203],{"question":139,"answer":142},{"question":145,"answer":148},{"question":151,"answer":154},"green",null,{},true,"Environment variables keep API keys and secrets out of your code. Learn how.","/blog/glossary/environment-variable","4 min read","[object Object]","DefinedTerm",{"title":5,"description":197},{"loc":209},"blog/glossary/environment-variable",[],"summary_large_image","RV9wIrceMe0cp92-dVnJNNveX9ifAXPZ8fffd4emYIQ",1775843922992]