// Rules for .env file handling, .env.example template format, and what's allowed vs forbidden. Use when working with environment variables, API keys, or configuration files.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | environment-files |
| description | Rules for .env file handling, .env.example template format, and what's allowed vs forbidden. Use when working with environment variables, API keys, or configuration files. |
This skill provides comprehensive guidance on handling environment files, including .env files, .env.example templates, and security best practices.
Environment files contain sensitive configuration data that must be handled carefully. This skill defines what's allowed and forbidden when working with environment variables.
CRITICAL FILES - DO NOT MODIFY WITHOUT EXPLICIT INSTRUCTION:
.env files: Never commit or modify environment files (except .env.example templates).env.local, .env.development, .env.production - All actual environment files.env.exampleALLOWED:
.env.example - template showing required environment variables (no actual secrets)KEY_NAME=example_value_here (with descriptive placeholder values)Example .env.example:
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
NEXT_PUBLIC_API_URL=http://localhost:3000/api
OPENAI_API_KEY=sk-your-api-key-here
When creating .env.example files:
Use descriptive placeholders:
sk-your-api-key-here (not actual keys)postgresql://user:password@localhost:5432/dbname (example connection string)http://localhost:3000/api (example URLs)Include comments when helpful:
# Database connection string
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# Public API endpoint
NEXT_PUBLIC_API_URL=http://localhost:3000/api
Document required vs optional:
# Required: API key for external service
OPENAI_API_KEY=sk-your-api-key-here
# Optional: Override default port
PORT=3000
FORBIDDEN:
.env, .env.local, .env.development, .env.production, or any other .env filesFORBIDDEN:
.env files to version control.env may not be persisted. For backend tasks, prefer defensive defaults in code (e.g. process.env.REDIS_URL || 'redis://localhost:6379') and document in .env.example..env in the repo; only create or update .env.example and document that users copy it to .env locally. Never commit .env.BCRYPT_ROUNDS) for dev vs prod so tests can be fast without editing source.Always ensure .env files are in .gitignore:
.env
.env.local
.env.development
.env.production
.env*.local
.env.example up to date with all required variablesBefore committing code, verify:
.env files are staged for commit.env.example contains only placeholders.gitignore includes .env patternsThis skill works with:
.env files are properly ignored# Create template file
cat > .env.example << EOF
# Database
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# API Keys
OPENAI_API_KEY=sk-your-api-key-here
# Server Configuration
PORT=3000
NEXT_PUBLIC_API_URL=http://localhost:3000/api
EOF
# Check if .env is ignored
git check-ignore .env
# Verify .gitignore contains .env patterns
grep -E "\.env" .gitignore
Before committing, verify .env.example:
Solution:
git rm --cached .env.gitignore: echo ".env" >> .gitignoregit status should not show .envSolution:
git filter-branch or BFG Repo-Cleaner if needed.gitignore to prevent future commits# Database Configuration
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# API Keys (get from service provider)
OPENAI_API_KEY=sk-your-api-key-here
STRIPE_SECRET_KEY=sk_test_your_stripe_key_here
# Application Settings
NODE_ENV=development
PORT=3000
NEXT_PUBLIC_API_URL=http://localhost:3000/api
DATABASE_URL=postgresql://realuser:realpassword@realhost:5432/realdb
OPENAI_API_KEY=sk-proj-actualRealKey123456789
Never include actual secrets, even in example files!