.env deep dives
Longer articles. Real incidents. Honest comparisons.
The .env file security checklist (15 items, 2026)
Everything you should check before pushing, sharing, or deploying a .env — from .gitignore entries to rotation policy. Printable 15-item checklist.
dotenv vs process.env in Node.js: the real difference
dotenv is the library that loads a file. process.env is the global Node provides. They work together — here's where each starts and ends, with examples.
Environment variables playbook (2026)
What env vars actually are, how to set them across shells and frameworks, why they break production, and the 7 rules we follow after shipping too many broken deploys.
Where to store API keys: dev, staging, and prod (2026)
Stop putting API keys in source code. A concrete playbook for local dev, staging, and production — with the exact tools and trade-offs for each tier.
How to share .env variables with your team
A practical comparison of the five common ways to share environment variables — from 1Password Secrets Automation to encrypted file transfer — with real trade-offs.
The 10 most-forgotten .env variables
NODE_TLS_REJECT_UNAUTHORIZED, TZ, NEXT_TELEMETRY_DISABLED, and 7 more. The env vars developers forget to set that cause outages at the worst possible time.
How to validate a .env file: 5 ways (2026)
From a one-line grep to full CI-time schema validation — every way to check a .env before it hits production, with code for Node.js, Python, and Go.