Node.js Lesson 12: Environment Variables
Environment variables keep secrets (API keys, passwords, database URLs) out of your code. Never hardcode secrets. Never commit .env to git.
dotenv Setup
npm install dotenv
# Create .env file in project root:
PORT=3000
DB_URL=mongodb://localhost:27017/mydb
JWT_SECRET=my_super_secret_key_change_this
API_KEY=sk-abc123
NODE_ENV=development
# CRITICAL: add .env to .gitignore!
echo ".env" >> .gitignore
Using Environment Variables
// At the TOP of your entry file (app.js)
require("dotenv").config();
// Now process.env has all your .env variables
const PORT = process.env.PORT || 3000;
const DB_URL = process.env.DB_URL;
const JWT_SECRET = process.env.JWT_SECRET;
const isDev = process.env.NODE_ENV === "development";
if (!DB_URL) {
console.error("FATAL: DB_URL not set!");
process.exit(1);
}
app.listen(PORT, () => {
console.log(`Server on port ${PORT} [${process.env.NODE_ENV}]`);
});
Config Module Pattern
// config/index.js — centralize all config
require("dotenv").config();
module.exports = {
port: Number(process.env.PORT) || 3000,
db: {
url: process.env.DB_URL,
name: process.env.DB_NAME || "myapp"
},
jwt: {
secret: process.env.JWT_SECRET,
expiresIn: process.env.JWT_EXPIRES || "7d"
},
isDev: process.env.NODE_ENV !== "production"
};
// In any other file:
const config = require("./config");
app.listen(config.port);
🏋️ Practice Task
Add dotenv to your project. Create a .env file with PORT, APP_NAME, SECRET_KEY. Create a config/index.js that loads and validates these (throw an error if SECRET_KEY is missing). Create a .env.example file with placeholder values that IS committed to git.
💡 Hint: const required = [“SECRET_KEY”,”DB_URL”]; required.forEach(key => { if (!process.env[key]) throw new Error(key + ” is required”); });