07-devops

Environment Variables

07-devops/environment-variables

Environment Variables

Overview

Environment variables configure behavior without hardcoding environment-specific values into the app.


Why It Matters

They separate code from environment and support local, staging, and production differences.


Core Concepts

  • Config is not secret by default, but secrets must still be protected.
  • Variable naming should be predictable.
  • Missing config should fail clearly.

Mental Models

Assume environment differences will happen. Make them explicit and observable.


Best Practices

  • Document required variables.
  • Validate configuration at startup.
  • Keep secrets out of client bundles when possible.

Common Mistakes

  • Hardcoding environment-specific values.
  • Shipping undefined config and hoping for the best.
  • Mixing public and private variables carelessly.

Trade-offs

Centralized configuration is convenient, but it can hide which values are safe to expose.


Decision Framework

Variable typeWhere to use
Public configClient-safe environment vars
SecretServer-only env vars
Environment-specific URLApp config layer

Examples

  • Fail fast when a required API URL is missing.

Checklists

  • Are required values validated?
  • Are secrets kept server-side?
  • Is the naming convention consistent?

Senior Engineer Notes

Senior engineers treat config as part of system correctness. Undefined environment values are production bugs waiting to happen.


Further Reading