How It Works
Select a framework preset to pre-fill common environment variables with sensible placeholder values and descriptive comments. Edit any variable inline, add your own custom entries, or remove ones you do not need. The tool generates two output files simultaneously: a complete .env with all values filled in and an .env.example with values stripped out (safe to commit to version control).
Everything runs in your browser. No credentials or configuration data is sent to any server.
Common Environment Variables by Framework
| Framework | Key Variables | Notes |
|---|---|---|
| Next.js | NEXT_PUBLIC_*, NEXTAUTH_SECRET, DATABASE_URL | NEXT_PUBLIC_ prefix exposes vars to the browser |
| Express | PORT, JWT_SECRET, CORS_ORIGIN, RATE_LIMIT_* | All vars are server-side only |
| Django | SECRET_KEY, DEBUG, ALLOWED_HOSTS, DATABASE_URL | Use django-environ or python-dotenv to load |
| Laravel | APP_KEY, DB_*, MAIL_*, CACHE_DRIVER | Laravel reads .env natively via vlucas/phpdotenv |
| Docker | COMPOSE_PROJECT_NAME, POSTGRES_*, *_PORT | Used in docker-compose.yml with ${VAR} syntax |
| AWS | AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_* | Prefer IAM roles over access keys in production |
ENV File Best Practices
- Never commit
.envto git. Add it to.gitignoreimmediately. Commit.env.exampleinstead so collaborators know which variables are needed. - Use descriptive comments. Future you (or a teammate) will appreciate knowing what
SMTP_PORT=587is for without searching the docs. - Keep variable names UPPER_SNAKE_CASE. This is the universal convention across languages and platforms. Avoid spaces, hyphens, or camelCase.
- Quote values with special characters. If a value contains spaces, equals signs, or hash characters, wrap it in double quotes to prevent parsing errors.
- Use different files per environment. Maintain separate
.env.development,.env.staging, and.env.productionfiles or use a secrets manager for production. - Rotate secrets regularly. API keys, JWT secrets, and database passwords should be rotated on a schedule, not left unchanged for years.
FAQ
What is the difference between .env and .env.example?
The .env file contains actual secret values and should never be committed to version control. The .env.example file lists all required variable names with empty values and comments. You commit .env.example so new developers know which variables to configure, then each developer copies it to .env and fills in their own values.
Which frameworks support .env files natively?
Next.js, Vite, and Create React App load .env files automatically. Laravel uses vlucas/phpdotenv built into the framework. For Express/Node.js, install the dotenv package and call require("dotenv").config() at the top of your entry file. Django uses django-environ or python-dotenv.
Should I use .env files in production?
For small projects, .envfiles work fine in production. For larger deployments, use your platform's secrets management: Vercel Environment Variables, AWS Secrets Manager, GCP Secret Manager, or HashiCorp Vault. These provide encryption at rest, access controls, and audit logs that flat files cannot.
How do I access env vars in Next.js client-side code?
Only variables prefixed with NEXT_PUBLIC_ are exposed to the browser bundle. Server-side variables (without the prefix) are only available in API routes, getServerSideProps, and Server Components. This is a security feature: it prevents database credentials and API secrets from leaking to the client.
Building server configs? Generate .htaccess files or create meta tags for SEO.