Glossary

Instead of writing values containing or granting access to sensitive information directly into code, developers substitute environmental variables at those locations and store the actual values in a separate file referred to as a .env file. This .env file is a list of both the named environment variables and the actual values that will be substituted in for them. When loading .env files as environment variables, the file is ready before the code is executed, giving the program access to the values it needs.

Since the .env file is separate from the code itself, the code can be easily shared or updated without exposing the actual values of this sensitive information. Creating and using .env files allows developers to access and collaborate on their code without the risk of leaking sensitive information, since even if a hacker gains access to the code, none of the database URLs or API keys will be available to them.

Using .env files isn’t a perfect solution for storing sensitive values, though. In a fast-paced environment, developers collaborating on a project will need to synchronize their .env files or risk generating errors associated with version mismatch. Sharing .env files quickly and securely is both time-consuming and prone to error.

A developer working in a single environment may not waste a significant amount of time. Still, multiple developers working in multiple environments with hundreds of secrets between them may find themselves spending upwards of 10 hours a week managing secrets and debugging mismatches, drastically decreasing their efficiency.

The time wasted from secrets sprawl leads to one of the most common errors in sharing .env files. To reduce time spent on secrets management, developers often resort to sending them in plaintext over an internal messaging service, like email. Suppose either email account becomes compromised by clicking on a phishing or other scam email. In that case, the hacker will gain access to everything those plaintext secrets grant access to, which might include highly sensitive customer data.

Check out our tips on updating your .env files with Doppler!