As a software solution provider we always are looking for tried and tested software packages, from databases, nosql servers to frameworks and open source implementations that will make our life easier and get us to the final product in a faster way.
This post is dedicated to Dotenv, which implements one of the basic requirements that confidential settings data used for software should not be exposed in the source code. Dotenv loads the environment variables from a file (‘.env’). One advantage is that each server should have a unique .env file and the values are not exposed without direct access to the machine. Another advantage is the .env files are not saved in GIT/CVS/source control.
What are the advantages of storing environment variables in a file? How do you store your credentials in a multi-tenant server without exposing to unauthorized access? Where do you store your specific constant values used in many parts of the software? Dotenv is a solution for those type of questions. In our case we store constant values, credentials, port numbers and other multi use parameters.
The only complain is that you cannot define the type of the variable stored as a pair-value. In the example below
when you load the .env file, the API_PORT is a string, instead of a number and the same applies for the DATE_UPDATE. We are thinking of having an extended version such as:
where the data type is also stored in the file.