.env Files and Glitch with MongoDB Project

I’m a little confused with this project, the repo already has .env listed in the .gitignore, but is asking us to access it through ‘process.env.MONGO_URI’. If it’s ignored then glitch won’t be able to access the password, right? I’m new to this whole backend thing and don’t want to move on without understanding what I’m doing. Currently, my only solution is to remove it from .gitignore, is that the correct thing to do?

Welcome there,

I have moved your post to a new topic, because you were asking a new question, and not answering the original poster.

.gitignore files only affect Git repository behaviour. That is, it just prevents files from being automatically added to a Git stash, on change. The file is still very much accessible.

This has (should have) essentially no effect.

I am not entirely sure what project you are referring to, but here is a rundown of the mechanics:

  • .env files hold environment variables - they are simple text files, but many systems look for that specific name
  • Environment variables are also known as SECRETS, because the variables often contain passwords/tokens which should not be publicly shared
  • Git repositorys can be publicly shared. So, to prevent accidentally sharing your SECRETS, it is best practice to include .env in a .gitignore file
  • Now, if you want to share what environment variables (names) are needed for a project, it is best practice to include a sample.env file (not read by the system). Then, any dev wanting to work on your project will know to copy the contents of sample.env into a new .env file, and the dev will have to add their own variable values (passwords)
  • Typically, in Node projects, a package called dotenv is needed to make use of process.env.<> - it is used to configure the environment.
  • Glitch is a special system in that some functionality is built in - it looks for a .env file, and allows access to the variables via process.env.<> without any further configuration.

Now, if you are still confused, I suggest you share your code, keeping in mind, if you share a link to your Glitch project, we will not be able to access/see your .env file - built-in Glitch feature.

A final warning: Do not share your Database URI!

I hope this clarifies

This question refers to the MongoDB & Mongoose Course in the APIs and Microservices Cert. Link

So I don’t think I explained it well.

Basically, since the .env file contains the URI which shouldn’t be public, my understanding is that it should always be included in the .gitignore file.

But by doing so, Glitch can’t read that file from the Github repository, at least that’s my experience from using Glitch.

So, what I’m asking is, do I have to manually put the URI in Glitch’s .env file system. Or is there a different way of reading the SECRETS in a .env file.

The main reason I’m looking for clarification on the .gitignore system is that in a real-world project, how would the .env file be read if it’s being ignored.

Hopefully, that was clearer :slight_smile:
Apologies if these questions are ridiculous, it’s just very confusing.

you need to set up environment variables in glitch itself too, but do not publish the .env file in github, glitch should have its own way to protect secrets from viewers.

Thank you, for the clarification.

I believe I answered these questions, in my previous reply, though.

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.