How to maintain security with .env on

I understand what a .env file is and why it is important. I understand how to create this in VSCode. I do not understand how to keep my .env file private on to fulfill the FCC .env problem.

Are .env files automatically private on Here is a screen shot of my file and folder setup. How is my .env file private? May someone please explain a little more about the .env process on

Thank you!

Hello there,

Yes. In general, it is best to check whichever platform you are using’s docs about their impl of this. Although, the implementation is almost identical across the popular online editors (, Glitch, CodeSandbox).

As I understand it, any .env file is automatically hidden. It can be made visible to other users, provided they are invited to join the coding project as members (terminology may vary).

If the link to the project code is merely shared (no invite sent), then the .env variables are not accessible by whoever uses the link.

Hope this clarifies.

1 Like

Yes, this is does clarify the issue for me. Thank you for answering my question. Will keep this in mind moving forward. Happy Friday to you!

Here are the docs for .env files, just for reference.


I did read that section. Thank you. I was concerned that I was not creating the .env in a way that would be recognized as a .env file. I was thinking this .env file has to go under a specific folder to be recognized as such. However, it seems that any .env file is hidden. Wanted to be safe than sorry and check with those who have experience with

1 Like

Like @Sky020 said, I’m pretty sure most online environments are set up to handle .env files correctly (if the environment actually supports .env file).

One option you always have is just to look at the project without being logged in to see what you get access to.

1 Like