Comments (6)
Is it because of practical concerns, with theory having a hard time manifesting praxis? Or is this a concession with the status quo? Or just a change of mind/understanding? All legitimate ofc.
A little of all of that.
- Practical - it is simpler to maintain a
.env
and.env.production
file. The symmetry makes it easier to make sure you haven't misconfigured your production environment. Too many times I and others have missed an environment file in prod because the UI/config tool is different than the elegant .env file. - Concession - very popular frameworks like Next.js have popularized multiple env files particularly around the
.env.local
mechanism. There is a good use case for this especially as 3rd party cloud services became ubiquitous (which was not the case when .env was first created) - Change of mind - the introduction of the
.env.vault
file makes it much more elegant to manage all your environment variables in.env.environment
files and then encrypt them to a single file and single decryption key on your server. This greatly helps minimize the security risk mentioned in number 1
We learned a lot over the last 10 years as a community. I think acknowledging these needs and introducing the .env.vault
file will give the dotenv pattern at least another decade of heavy usage. It is more important than ever because the other patterns around secret and config management out there are largely proprietary or require keeping a service to be running. I don't like that future so dotenv will continue to carve out the more elegant and accessible solution.
P.S. closing the issue while I'm writing a response, rude ๐
haha. touchรฉ
from dotenv.
Great thoughts and strong exhaustive points @datner.
You're not the only one that has pointed that out about .env.vault
.
Have you seen or tried dotenvx
?
https://github.com/dotenvx/dotenvx
It has a mechanism that allows you to manage multiple .env files by doing something like this:
dotenvx run --env-file=.env.local --env-file=.env -- node index.js
Would that solve your problem?
(dotenvx is taking all the learnings from dotenv and dotenv-vault and trying to wrap them up in a solution that runs everywere and works everywhere. You can use it with .env.vault
or without. Your choice. It's a more flexible tool so that you can mold around your own development flows. It certainly does still recommend using .env.vault
for production but you don't have to if your team lead is against that now. Admittedly, it is a modern approach that will take time for the community to adopt.)
from dotenv.
see the npm
example in the dotenvx README [0] for a drop-in replacement to dotenv. (it still uses dotenv under the hood for parsing of your .env
files so no behavior change/risk. [1])
[1] https://github.com/dotenvx/dotenvx/blob/main/src/lib/main.js#L5
from dotenv.
Thank you for addressing my issue @motdotla !
dotenvx
, and all the other aforementioned tools, setups, scripts, and hacks, would all work just fine. dotenvx
would just be the undisputed best option ofc ๐ . Yes supporting multiple env files was never an issue, even with its quirks. The question was more about the bridging between the theory and praxis.
In a way, the answer can be read as a combined
use .env.vault
and
for this example its fine to use multiple env files
For the former I would try to give it another go, I do believe in this tool.
The latter I want to go a bit more in-depth into
dotenvx
being the next iteration and supporting multiple env files (representing multiple envs) ootb is a foundational shift of ethos from Twelve Factors, going from this to this. I of course could not care less, this is not my project nor do I get money from people abstractly following principles from Twelve Factors. But I'm curious why? Is it because of practical concerns, with theory having a hard time manifesting praxis? Or is this a concession with the status quo? Or just a change of mind/understanding? All legitimate ofc.
Regardless, I'll be migrating to dotenvx
while waiting your answer
P.S closing the issue while I'm writing a response, rude ๐
from dotenv.
These are very astute observations, except one:
give the dotenv pattern at least another decade of heavy usage
I think it's very pessimistic to assume that technology will change in such a fundamental way that env vars would cease to be relevant in the next 10y, and the dotenv pattern long surpassed methodology and 'ascended' to foundational concept.
I'm sure you've heard such sentiments before, but a perfect companion to dotenv (conceptually) is direnv. There is already a lot of overlap, especially for development environments where env vars need to exists statically. for example rusts env!
macro.
If dotenv is exploring new horizons with dotenvx and env.vault, maybe a deeper integration with it could be a worthwhile examination?
from dotenv.
well a lot can change in 10 years but I do agree with you. I was being conservative rather than pessimistic.
If dotenv is exploring new horizons with dotenvx and env.vault, maybe a deeper integration with it could be a worthwhile examination?
exactly. i think we will get there. i think it is our job mainly now to build good tooling around the .env.vault
file. it's a very elegant solution to a hard problem. as tooling and education on it gets better I think tools like direnv could also adopt it. but in the spirit of open source i think it best we focus on our task and allow other tools to play things out as they wish (or as devs request it from other tools). i think it's best for the community and the industry when it happens that way.
from dotenv.
Related Issues (20)
- Example usage links not working HOT 2
- only the page with require("dotenv").config is seeing values HOT 2
- NodeJS 18 native feature caveats and `dotenvx` HOT 7
- Archive repo HOT 3
- Bug: `_parseVault()` doesnโt respect `processEnv` option. HOT 3
- Can we throw or stop execution through .env? HOT 3
- Readme links to nonexisting example page HOT 2
- override system variables HOT 2
- Cannot find module 'node:url' or its corresponding type declarations HOT 4
- In ES6 DOTENV enviroment not getting HOT 2
- Use of dotenv in a cron job with ES6 modules HOT 2
- Links in examples section on NPM package page are broken HOT 1
- DotenvPopulateOutput typing is incorrect HOT 1
- Request for help! HOT 3
- Possible regression: `USERNAME` in .env file does not update process.env on Windows HOT 9
- Using an array for config.path does not work HOT 1
- Crypto HOT 1
- Troubleshooting dotenv Preloading in GitHub Actions HOT 3
- Multiple paths in config: README incorrect? HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dotenv.