Environment Variables Done Right: Stop Hardcoding Secrets

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • MyrinNew
    Senior Member
    • Feb 2024
    • 5168
    #1

    Environment Variables Done Right: Stop Hardcoding Secrets

    Environment Variables Done Right: Stop Hardcoding Secrets

    Your .env file is in git. Your database password is in plain text. Your JWT secret is the same in dev and prod.


    The Basics





    import { z } from "zod";
    const envSchema = z.object({
    DATABASE_URL: z.string().url(),
    JWT_SECRET: z.string().min(32),
    PORT: z.coerce.number().default(3000),
    NODE_ENV: z.enum(["development", "production", "test"]),
    });
    export const env = envSchema.parse(process.env);







    App crashes at startup if any env var is missing or wrong type. No more runtime surprises.


    Secret Management in Production

    Never store secrets in .env files in production. Options:

    1. Cloud provider secrets: AWS Secrets Manager, GCP Secret Manager, Azure Key Vault
    2. HashiCorp Vault: Self-hosted, dynamic secrets, auto-rotation
    3. Kubernetes secrets: Base64 encoded (not encrypted), use sealed-secrets or external-secrets operator


    .gitignore Rules





    .env
    .env.local
    .env.production







    Commit .env.example with placeholder values. Never commit actual secrets.


    Secret Rotation

    Rotate secrets without downtime: support TWO valid secrets simultaneously during rotation. Accept both old and new JWT secrets during a transition window.





    Part of my Production Backend Patterns series. Follow for more practical backend engineering.




    More...
    Tags: None
    Previous template Next
    Sober Group
    Community & Recovery
    Privacy Policy Terms of Service Disclaimer
    For Educators
    Learning Center Truth Initiatives News and Updates Documentation Forums Recovery Seminars
    For Recovery
    Recovery Resources Sober Group App 12 Step National Meetings Halfway House The Place Sober Living Sober Group Store
    For Sponsors
    Sponsor Ad Placements Control Your Drinking Volunteer Opportunities Classifieds — Free Ads Addiction Intervention Author Portal
    For Professionals
    Addiction Treatment Marketing Advertising Services Website Development Technical Helpdesk Call Center Help Line Developer Resources Outpatient Resources
    © 2025. Sober Group is a registered DBA of MyNew Technologies, LLC, a technology firm based in Illinois.
    Built by MyNew Technologies, LLC
    We build software tools and community portals. We do not offer medical, clinical, or counseling services.
    Working...

      We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

      By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

      I Agree