Environment Variables
Overview
Environment variables configure behavior without hardcoding environment-specific values into the app.
Why It Matters
They separate code from environment and support local, staging, and production differences.
Core Concepts
- Config is not secret by default, but secrets must still be protected.
- Variable naming should be predictable.
- Missing config should fail clearly.
Mental Models
Assume environment differences will happen. Make them explicit and observable.
Best Practices
- Document required variables.
- Validate configuration at startup.
- Keep secrets out of client bundles when possible.
Common Mistakes
- Hardcoding environment-specific values.
- Shipping undefined config and hoping for the best.
- Mixing public and private variables carelessly.
Trade-offs
Centralized configuration is convenient, but it can hide which values are safe to expose.
Decision Framework
| Variable type | Where to use |
|---|---|
| Public config | Client-safe environment vars |
| Secret | Server-only env vars |
| Environment-specific URL | App config layer |
Examples
- Fail fast when a required API URL is missing.
Checklists
- Are required values validated?
- Are secrets kept server-side?
- Is the naming convention consistent?
Senior Engineer Notes
Senior engineers treat config as part of system correctness. Undefined environment values are production bugs waiting to happen.