Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loading both .env & .env.* dangerous? #37

Closed
thibaudgg opened this issue May 21, 2013 · 6 comments
Closed

Loading both .env & .env.* dangerous? #37

thibaudgg opened this issue May 21, 2013 · 6 comments

Comments

@thibaudgg
Copy link

Hi,

I use heroku-config to pull production env variables from Heroku to .env locally, so having Dotenv loading both .env and .env.development|test can potentially result of having production variable in test env. Not good :)

Wouldn't be safer to skip loading .env file if a .env.* file is present?

Thoughts?
@bkeepers
Copy link
Owner

I would highly recommend not pulling production configs locally. In my projects, I consider .env as development only, and check it in to version control. I also use the .env file as documentation for what is needed to run the app. Here's the .env for SpeakerDeck.com

###############################################################################
# Development
# These are development-only settings and should be overridden in production.
###############################################################################

APP_HOST=speakerdeck.dev
APP_PROTOCOL=http
GITHUB_APP_KEY=x
GITHUB_APP_SECRET=x
INSTRUMENTAL_API_KEY=x
S3_ACCESS_KEY=x
S3_SECRET_ACCESS_KEY=x
S3_BUCKET=speakerdeck-dev
# Tell Resque to properly handle unix signals
TERM_CHILD=1
QUEUE=users,mailer,talks,decks,slides,search,*

### Optional development variables
# Define these in .env.development if you want to set them

# Use local file uploads instead of S3
# S3_UPLOADS=false

# Use github.dev instead of github.com
# LOCAL_GITHUB=true

###############################################################################
# Production
# These variables should also be defined in production
###############################################################################

# IMAGE_PROXY_URL
# GAUGES_ID
# GOOGLE_ANALYTICS_ID
# EXCEPTIONAL_API_KEY

@thibaudgg
Copy link
Author

Make sense thanks, we'll forbid heroku-config usage :)

@twe4ked
Copy link

twe4ked commented Jun 2, 2013

Maybe there should be a warning if two env files are being loaded? I had a .env.example file and I didn't realize it was being loaded therefore overriding the settings in my .env file.

@bkeepers
Copy link
Owner

bkeepers commented Jun 3, 2013

Can you give me more information? It should only load .env and
.env.#{environment}.

On Saturday, June 1, 2013, Odin Dutton wrote:

Maybe there should be a warning if two env files are being loaded? I had a
.env.example file and I didn't realize it was being loaded therefore
overriding the settings in my .env file.


Reply to this email directly or view it on GitHubhttps://github.com//issues/37#issuecomment-18801337
.

@mdespuits
Copy link

Any update on this?

@twe4ked
Copy link

twe4ked commented Jul 29, 2013

After looking at the code it doesn't seem like it could have ever loaded .env.example. Not sure what happened I must have had some other issue. Sorry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bkeepers @thibaudgg @twe4ked @mdespuits