Gitignore of .env file

I have a question, If you are doing gitignore of .env then how will you provide sensitive information while the time of hosting.

For example how will I provide my cloud database password and URL?

As I understand, gitignore just stops git from pushing your .env to GitHub. It doesn’t stop the server that you are currently running from from using the file.

Like if I am online cloud database
its URL and password is saved in .env file
Then How will my hosting server know that database passowrd and url
as I am importing env variables in other files
like
require(‘dotenv’).config()
const URL = process.env.MONGO_URL

You have to login to the hosting server and set it up with a new .env

(Or copy over your local .env to the hosting server directly, bypassing GitHub)

Then what is the point of hiding it in the first place for sequrity. Many people tell to put .env in gitignore that is what I not able to understand.

And if I pass .env file then other team members might get credentials. Which you don’t want.

Hey! You can add your local environment variables inside of the .env file and then add the filename to the .gitignore file so its not submitted to github which is very important for the security of the software as you mentione.

To my knowledge, All of the hosting providers provide a way for you to add each environment variable directly on your dashboard and since that code is run on the server, nothing is revealed to the client or other developres working on the project.

I tried to search for the same on heroku and vercel but could not find how to add env variables through dashboard

the system i use also doesn’t have this option. So my solution is simply to make a new file on the system (or upload the file to the system)

Are you sure you looked hard enough? :joy:

open any vercel project, then click on the settings tab and you can find the environment variables as the 6th option on the sidebar.

and i believe heroku calls them config vars, if you open up any project on hero, go to settings and the second option will be for the config vars/environment variables.


n

1 Like

you might want to check out this video if you want to learn more about these.

do you know if cpanel has these? (that’s the dashboard I use)

Edit: actually nevermind. The hosting service may disable some options anyway but I will check.

I actually haven’t worked a lot with backends or hosting providers since i’m a front end developer myself. I only know about vercel and heroky because they make it a lot easier to take care of that stuff :joy: