// app/api/route.js export async function GET() const db = await myDB.connect( host: process.env.DB_HOST, username: process.env.DB_USER, password: process.env.DB_PASS, ) // ...
.env .env.production .env.development
import z from 'zod';
When a new developer joins the project, their onboarding step is simple: Clone the repository. Run cp .env.example .env.local in their terminal. .env.local
# This is a comment in a .env.local file PORT=3000 DATABASE_URL="postgresql://localhost:5432/my_local_db" ANALYTICS_API_KEY=xyz123abc456 # Use quotes if your value contains spaces APP_NAME="My Awesome App" Use code with caution. Formatting Rules to Remember:
The Definitive Guide to .env.local: Managing Local Environment Variables
If the file was previously committed, its contents remain in your Git history. Rotate any exposed secrets immediately (change passwords, regenerate API keys). Consider using tools like BFG Repo-Cleaner or git filter-branch to purge the history—but know that this rewrites Git history for all collaborators. // app/api/route
When you have multiple environment files, the framework needs to decide which value wins. This is where comes in—and it's crucial to understand.
Modern web frameworks (such as Next.js, Vite, Nuxt, and Create React App) look for multiple .env files to determine which values to load. They follow a specific hierarchy, or order of priority, when loading these files.
The most important rule: to version control. It belongs in .gitignore , period. Better yet, keep both .env and .env.local out of Git by using a wildcard rule like *.local , except for a !.env.example file that contains only placeholder values. If you suspect the file might have been committed in the past, you can check the repository history with: # This is a comment in a
# .gitignore
Depending on your framework, you can access these variables via process.env . process.env.DB_HOST
Use .env.local for and personal machine overrides (e.g., DATABASE_PASSWORD=my_secret_dev_pass ). Troubleshooting Common Errors Changes to .env.local Are Not Taking Effect
