Environment Variables

Move Secrets to Environment Variables with AI

February 2026

TL;DR

These prompts help you properly set up environment variables in your project. They create .env files, configure your framework correctly, add validation, and ensure secrets never get committed to git. The prompts cover Next.js, Node.js, Python, and deployment platforms.

Complete Environment Variable Setup

Use this prompt to set up a full environment variable system from scratch. Your AI will create a .env.example template, a typed config module with startup validation, and clear separation between public and private variables.

AI Prompt

Full Env Var Setup

Set up a complete environment variable system for this project.

Create:

  1. .env.example with all required variables and placeholder values
  2. A typed config module that loads and validates env vars at startup
  3. Clear error messages when required variables are missing
  4. Separation between public (client-safe) and private (server-only) variables

Requirements:

  • Fail fast: app should not start if required env vars are missing
  • Type safety: config values should be typed, not just strings
  • Documentation: comments explaining what each variable is for
  • Defaults: sensible defaults for non-sensitive variables

Also ensure:

  • .env is in .gitignore
  • .env.local is in .gitignore
  • Only .env.example is committed

Framework-Specific Setup

Next.js

Copy this prompt to generate a type-safe Next.js env var setup with proper NEXT_PUBLIC_ separation. Your AI will create a lib/env.ts validation module using Zod and a .env.local.example template.

AI Prompt

Next.js Env Setup

Set up environment variables properly for my Next.js project.

Create:

  1. .env.local.example with all variables
  2. A lib/env.ts file that exports validated, typed env vars
  3. Proper separation of NEXT_PUBLIC_ vars vs server-only vars

Rules:

  • NEXT_PUBLIC_ prefix only for variables that MUST be in the browser
  • Secret keys, API keys, database URLs must NOT have NEXT_PUBLIC_
  • Validate at build time, not runtime
  • Use zod or similar for validation

The config should work with both Pages Router and App Router.

Show me which variables are safe for client-side and which must stay server-only.

Node.js with TypeScript

Use this prompt to create a Zod-validated config module for Node.js. Your AI will generate config/index.ts and config/schema.ts with typed exports, environment-specific defaults, and clear startup errors for missing variables.

AI Prompt

Node.js TypeScript Env

Create a type-safe environment variable configuration for my Node.js TypeScript project.

Requirements:

  1. Use dotenv to load .env files
  2. Create a config.ts that validates and exports typed env vars
  3. Use zod for validation with clear error messages
  4. Support different environments (development, production, test)
  5. Throw at startup if required vars are missing

Structure:

  • config/index.ts (main config export)
  • config/schema.ts (zod schema)
  • .env.example (template with all vars)

Include:

  • DATABASE_URL
  • API keys (typed as string, validated as non-empty)
  • PORT (with default)
  • NODE_ENV (enum: development, production, test)

Python with Pydantic

Copy this prompt to set up Pydantic-based environment management for Python. Your AI will create a Settings class with type validation, automatic .env loading, field descriptions, and nested configuration support.

AI Prompt

Python Pydantic Env

Set up environment variable management for my Python project using Pydantic.

Create:

  1. config.py with a Settings class using pydantic-settings
  2. Proper .env file loading
  3. Type hints and validation for all settings
  4. Support for different environments

The Settings class should:

  • Load from .env file automatically
  • Validate types (strings, integers, booleans)
  • Have clear field descriptions
  • Raise validation errors with helpful messages
  • Support nested settings if needed

Also create .env.example with all required variables documented.

Deployment Platform Setup

Vercel

Use this prompt to get a deployment checklist for Vercel environment variables. Your AI will list every variable your app needs, flag which should be marked "Sensitive," and specify preview vs production values.

AI Prompt

Vercel Env Setup

Help me set up environment variables for Vercel deployment.

I need:

  1. List of all env vars my app needs
  2. Which ones should be marked as "Sensitive" in Vercel
  3. Which ones need different values for Preview vs Production
  4. How to reference them in my code

Also create a vercel.json if needed for any special env var configuration.

Format the output as a checklist I can follow in the Vercel dashboard, with the variable name, which environments it applies to, and whether it's sensitive.

Railway / Render

Paste this prompt to generate platform-specific env var configuration for Railway or Render. Your AI will create railway.toml or render.yaml with variable references, a setup checklist, and notes on platform-provided variables like PORT.

AI Prompt

Railway/Render Env Setup

Set up environment variables for Railway (or Render) deployment.

Create:

  1. A railway.toml or render.yaml with env var references
  2. List of all required env vars I need to set in the dashboard
  3. Documentation for each variable's purpose
  4. Any service-specific variables (like PORT for Railway)

Include platform-specific considerations:

  • Railway provides PORT automatically
  • Database URLs from Railway's built-in databases
  • Proper health check configuration

Never commit .env files: Even .env files with "fake" values can reveal your variable naming scheme and expected configuration. Always use .env.example with clearly placeholder values instead.

Migration from Hardcoded Values

Use this prompt to find and migrate every hardcoded secret in your codebase to environment variables. Your AI will scan for URLs, credentials, feature flags, and config values, then generate the code changes, .env.example entries, and validation updates.

AI Prompt

Migrate Hardcoded to Env

I have hardcoded configuration values throughout my codebase. Help me migrate them to environment variables.

For each hardcoded value found:

  1. Create an appropriately named env var
  2. Update the code to read from env var
  3. Add to .env.example with a placeholder
  4. Add to the config validation

Look for:

  • URLs (API endpoints, webhooks)
  • Credentials and keys
  • Feature flags
  • Configuration values (timeouts, limits)
  • Third-party service IDs

Group related variables and use consistent naming:

  • DATABASE_URL, DATABASE_POOL_SIZE
  • STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET
  • FEATURE_NEW_DASHBOARD, FEATURE_BETA_ACCESS

Pro tip: Use a consistent naming convention like SERVICE_VARIABLE_NAME. For example: STRIPE_SECRET_KEY, SUPABASE_URL, OPENAI_API_KEY. This makes it easy to find and manage related variables.

What's the difference between .env and .env.local?

.env is typically committed to git with placeholder or default values. .env.local contains your actual secrets and should never be committed. Most frameworks load .env.local with higher priority.

Should I use NEXT_PUBLIC_ prefix for all environment variables?

No. Only use NEXT_PUBLIC_ for variables that must be accessible in the browser. Secret keys, database credentials, and API keys should never have this prefix as they would be exposed to users.

How do I set environment variables in production?

Use your hosting platform's environment variable settings. Vercel, Netlify, Railway, and other platforms have dashboards or CLI commands to set production environment variables securely.

Related Articles

Fix Exposed API Keys

Secure hardcoded credentials

Add Proper .gitignore

Prevent accidental commits

Secure Configuration Files

Lock down your config

Verify Your Env Setup

Scan your repository to check for exposed secrets and missing .gitignore entries.

AI Fix Prompts

Move Secrets to Environment Variables with AI