为什么不应该检入dotenv文件? [英] Why dotenv files should not be checked in?

问题描述

我是 nodejs 的新手，所以如果我的问题太琐碎，请原谅我. 我正在使用 dotenv 创建一个 envirornment 文件.

I'm new to nodejs, so forgive me if my question is too trivial. I'm creating an enviornment files using dotenv.

但是，他们建议在其网站上，建议不要签入 .env 文件. 因此，我想知道是否未检入此文件，如何将应用程序需要的 environment 变量告知其他开发人员.他们需要填写环境变量的 values ，因为它可以在 js (服务器，配置)文件中的所有位置使用. 查看使用env变量的每个文件并进行替换将是不平凡的事情?除非我完全没有什么东西.

However, on their WebSite, they recommend against checking in .env file. So, I was wondering if this files is not checked in , how will I tell the other developers about the environment variables that the application needs. They would require to fill out the values of environment variables because it could be used in all the places in the js (sever, config) files. And it would be non-trivial to look at every files that uses env variables and replace? Unless I'm missing something entirely.

非常感谢您的帮助.

推荐答案

环境变量通常用于特定于环境的配置值，例如数据库凭据，API端点等.由于它们是特定于环境的，并且通常包含敏感数据(如数据库凭据)，因此不应提交.env文件.

Environment variables are typically used for environment-specific configuration values, like database credentials, API endpoints, and so on. Since they're environment-specific, and usually hold sensitive data like database credentials, .env files should not be committed.

如果要显示使用了哪些环境变量，一种方法是创建并提交示例文件:

If you want to show which environment variables are used, one method is to create and commit a sample file:

.env.sample

DB_HOST=localhost
DB_USERNAME=
DB_PASSWORD=
DB_DATABASE=our_project

然后由其他开发人员复制它们并创建自己的.env文件(或仅在其系统中填充相关的环境变量).

Then it's up to the other developers to copy the same and create their own .env file (or just populate the relevant environment variables on their system).

这篇关于为什么不应该检入dotenv文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！