Chapter 12: Environment Variables
Chapter 12 of 15
Chapter 12: Environment Variables
12.1 Using process.env
Environment variables store configuration that varies between environments. Access them via process.env.
// Access environment variables
const port = process.env.PORT || 3000;
const dbUrl = process.env.DATABASE_URL;
const nodeEnv = process.env.NODE_ENV || 'development';
// Use in application
const server = http.createServer((req, res) => {
res.end('Hello World');
});
server.listen(port, () => {
console.log(`Server running on port ${port}`);
});
Common Environment Variables:
- NODE_ENV: Environment (development, production, test)
- PORT: Server port number
- DATABASE_URL: Database connection string
- API_KEY: External API keys
- JWT_SECRET: Secret for JWT tokens
Setting Environment Variables:
// Windows
set PORT=3000
set NODE_ENV=production
// Linux/Mac
export PORT=3000
export NODE_ENV=production
// Or inline
PORT=3000 NODE_ENV=production node app.js
12.2 .env Files
Use dotenv package to load environment variables from .env files.
// Install dotenv
// npm install dotenv
// Load at start of application
require('dotenv').config();
// Now access variables
const dbUrl = process.env.DATABASE_URL;
const apiKey = process.env.API_KEY;
.env File Format:
# .env file
PORT=3000
NODE_ENV=development
DATABASE_URL=mysql://user:pass@localhost:3306/mydb
API_KEY=your-api-key-here
JWT_SECRET=your-secret-key
Security Best Practices:
- Never commit .env files to version control
- Add .env to .gitignore
- Use .env.example as template
- Don't store secrets in code
- Use different .env files for different environments
12.3 Environment Configuration
Organize configuration based on environment.
// config.js
const config = {
development: {
port: 3000,
dbUrl: 'mongodb://localhost:27017/devdb'
},
production: {
port: process.env.PORT,
dbUrl: process.env.DATABASE_URL
}
};
const env = process.env.NODE_ENV || 'development';
module.exports = config[env];
12.4 Environment Variable Best Practices
Follow best practices for environment variables.
- Use descriptive variable names
- Document required variables
- Provide default values when appropriate
- Validate required variables on startup
- Use different values per environment
- Keep sensitive data in environment variables