F3. Environment settings
What this page helps you do
Store sensitive values and environment-specific settings outside your code.
Why it matters
Apps usually need things that change between local and production, like API keys, database URLs, or app URLs. If those values live in code, they get leaked, drift between environments, or break deploys.
You should already have
- a GitHub repo
- some idea of which external services your app depends on
Skip this page if
- your app truly has no external settings, secrets, or environment-specific values
What to do
- move sensitive values out of code
- keep a
.env.exampleor similar sample file without real secrets - document what each setting is for
- make sure production values live in your hosting provider, not in the repo
Recommended default
Use a small, documented set of environment variables and keep the names consistent across local and production.
Common mistakes
- committing
.envfiles - using different variable names in every environment
- forgetting to document which values are required at startup
Next step
Go to F4. Run your app locally.
Related pages
Advanced notes
TODO for contributors: add a tiny .env.example pattern with comments for common stacks like Next.js, Node, and Python web apps.