Beginner’s Guide to Environment Variables

Environment variables allow us to keep values on our local and production environments distinct and safe as we develop our app.

We can understand an environment as the context in which code is being executed—all the variables, objects, functions available to the code. We can think of an environment as a unique machine executing code.

In programming, most of the time we use two main environments: development and production.

The development environment is your local computer. The editors/IDEs you use to write code. The compilers and interpreters that you use to run and execute code on your machine. The operating system installed on your machine. The local network capacity and connectivity.

Everything installed on your machine is under your development environment. Whenever you hear someone referring to “development environment” remember that they are talking about developing something on their computer.

The production environment is the final product. The live product that your customers will use daily and interact with.

What Are Environment Variables

Environment variables are determined values to provide the ability that can affect the way programs, applications and services will behave. We can use environment variables to affect and change the way our applications run.

An environment variable is made up of a name/value pair, like this:

API_KEY=1234567890

Environment variables are typically named in uppercase, with words joined with an underscore (_), e.g., API_KEY.

We can list all the environment variables that we have on our computer using the set command (Windows users only):

set

We can check specific environment variables using the following command (Windows users only):

echo %[variable_name]%

For Mac/Linux users, we can list all the environment variables that we have on our computer using the env command:

env

To print the value of a particular environment variable, use the command:

echo $variable_name

How Are Environment Variables Useful?

As you can imagine, both development and production environments are very important. Whenever we want to develop a new application, we’re going to end up using both environments.

The most common use case for environment variables is being able to set up different configuration options for both environments.

Most of the time, when we’re developing some new application/service, we have to use plenty of third-party services. We want to use them correctly in both environments and don’t want to create any errors or bugs.

Environment variables are useful for setting up different configuration options and decreasing the chances of creating some unexpected error or bug on our third-party services.

Another benefit of using environment variables is that we can make our application predictable. We won’t have to change anything on our code, just the configuration outside of it. It helps to maintain the predictability of the application, and, in cases where we want to change the environment variables, again we can do it very easily.

Are Environment Variables Secure?

Environment variables are determined values that can store anything. Passwords, API endpoints, etc. There are many different things that we can use environment variables for and making sure that these variables are safe should be a priority.

One of the most important points for environment variables is keeping them secure. You should make sure that no one who shouldn’t have access to them can read/change these variables. You want to make sure that you’re not storing your environment variables in non-secure ways, such as in plain text files.

If you’re working with a git repository, make sure that you’re not exposing your environment variables inadvertently. There are many evil people creating bots with the sole purpose of trying to scan GitHub for keys.

To make sure that you’re not exposing your environment variables in your git repository, you can add a new filename inside your .gitignore file:

.env

You can have as many env files as you want. Most of the time, you’re going to use at least two env files—one for production and one for development. It is a common practice to name the development environment file as .env.development. The production environment file is often named .env.

You can add them both on your .gitignore and make sure that all your environment variables are safe and are not going to be available for everyone to see:

.env
.env.development

Conclusion

Whenever we’re developing some new application/service, we want to use different values for both environments. We don’t want to make changes in our development environment that can reflect on our production environment. It could introduce new bugs to our application, create unexpected side effects and even crash our whole application/service.

Environment variables provide a good way to affect and change the way our applications run. Using environment variables is a common practice nowadays and it’s an important piece for software development.

Every modern application that you use is using environment variables underneath. They enable us to make use of different values in different environments. Their benefits are huge and it makes our applications more predictable. They help maintain predictability and whenever we want to change our values we can do it easily without having to change any code.