Only commit .env.example . This file should contain the keys but leave the values empty or set to "placeholder."
.env-production : Used on the live server that your actual customers interact with. This file contains highly sensitive, high-privilege credentials and has debugging modes strictly turned off . Syntax of a .env- File Only commit
# Server Configuration PORT=3000 NODE_ENV=development # Database Configuration (Do not commit actual passwords!) DB_HOST=localhost DB_USER=root DB_PASS=your_secure_password_here DB_NAME=my_app_db # Third-Party APIs STRIPE_SECRET_KEY=sk_test_placeholder Use code with caution. Syntax of a
To ensure your application remains secure and easy to maintain, follow these industry-standard practices: Never Commit .env to Version Control Unlike a standard
The dotenv package is the standard for Node.js. To support .env- files, use the path option.
Unlike a standard .env file, which a local application reads by default, suffixed files act as blueprints or stage-specific repositories. Common Variations and Their Use Cases
Matrixia © 2026