.env.sample

# ===========================================
# DATABASE CONFIGURATION
# ===========================================

# Other settings
LOG_LEVEL=INFO
CORS_ORIGIN=http://localhost:3000

# Port for the database. Default Postgres port is 5432.
DB_PORT=5432

Real .env files should always be in your .gitignore to prevent leaking secrets. The .env.sample is safe to commit because it contains no sensitive data.

DB_HOST=localhost
DB_PORT=5432
DB_USER=app_user
DB_PASSWORD=changeme
DB_NAME=myapp_dev

// Fail fast at startup if the required variable is not set.
const dbUrl = process.env.DATABASE_URL;
if (!dbUrl) {
  console.error('Missing DATABASE_URL in .env file');
  process.exit(1);
}

!.env.sample
!.env.example

Whenever you add a new environment variable to your local .env file during development, immediately add the placeholder key to .env.sample in the same pull request.
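One way to enforce this rule automatically, as an added example that is not part of the original page: a small Node.js check that compares the key names in a local .env against the committed .env.sample. The function names and the sample file contents are constructed for illustration, and the check reports key names only, so values never reach logs.

```javascript
// Added example: function names and sample contents are hypothetical.

// Extract variable names from dotenv-style text, skipping comments and blanks.
function parseEnvKeys(text) {
  const keys = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    // Accept an optional "export " prefix, then KEY=anything.
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(line);
    if (m) keys.add(m[1]);
  }
  return keys;
}

// Compare a local .env against the committed .env.sample.
// undocumented: set locally but absent from the sample (sample is stale).
// unset: listed in the sample but missing locally (app will lack config).
function compareEnvFiles(envText, sampleText) {
  const env = parseEnvKeys(envText);
  const sample = parseEnvKeys(sampleText);
  return {
    undocumented: [...env].filter((k) => !sample.has(k)).sort(),
    unset: [...sample].filter((k) => !env.has(k)).sort(),
  };
}

// Constructed sample inputs (placeholders, not real credentials).
const SAMPLE_TEXT = [
  '# DATABASE CONFIGURATION',
  'DB_HOST=localhost',
  'DB_PORT=5432',
  'DB_PASSWORD=changeme',
  'LOG_LEVEL=INFO',
].join('\n');

const LOCAL_ENV_TEXT = [
  'DB_HOST=localhost',
  'export DB_PORT=5432',
  'DB_PASSWORD="constructed-local-value"',
  '# LOG_LEVEL=DEBUG',
  'CORS_ORIGIN=http://localhost:3000',
].join('\n');

const report = compareEnvFiles(LOCAL_ENV_TEXT, SAMPLE_TEXT);
console.log(report);
```

In a pre-commit hook or CI job, read the two files with fs.readFileSync and exit non-zero when `undocumented` is not empty.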

While .env.sample is excellent for development, production environments benefit from dedicated secret management solutions. Tools like HashiCorp Vault, AWS Secrets Manager, or cloud provider-specific solutions provide more robust security for production credentials. The sample file can still serve as documentation for what variables need to be provided, even if they're injected through other means.