Environment variables and secrets
What an environment variable is, and the three places they typically live:
- Shell rc files (
~/.zshrc) — for things you want everywhere - Project
.envfiles — for per-project config; loaded bypython-dotenv,direnv, or your framework - Secret managers — 1Password CLI, AWS Secrets Manager, etc., for anything sensitive
Rules:
- Never commit
.envfiles. Add them to.gitignore. - Provide a committed
.env.exampleshowing required keys with empty values. - Treat API keys, database URLs, and tokens as secrets even in coursework.