Glossary

Environment Variables are dynamic named values that allow applications and their underlying operating system to modify configuration settings without directly changing code. They are often used to store sensitive information like API keys or database connection strings, enabling the creation of different configurations with the same code.

Each environment variable consists of a specific name that maps to a corresponding value, stored as a pair in a configuration file. A .env file is a common type of configuration file, though some secrets management systems use others. Additionally, using clear naming and storage conventions for environment variables across teams and environments prevents confusion and improves developer satisfaction and efficiency.

Applications access the values of these environment variables through the operating system, retrieving the necessary configuration data rather than storing it within the code itself. This means that code can be shared and inspected without revealing sensitive information. Using environment variables in this way avoids the security vulnerabilities associated with hardcoded secrets.

The ability to generate different configurations means the same code can easily be used across different environments, like staging, production, or deployment, without significant modification since the true values represented by these environment variables are stored outside of the application itself. Using different values in different environments also allows developers to customize application behavior based on user settings.

In collaborative environments, keeping environment variables up-to-date across the team prevents wasted time spent debugging version mismatches. Since environment variables often represent sensitive or critical information, it’s important that they are stored and transmitted among team members securely. Plaintext secrets transmitted over internal messaging services (email, slack, teams, jira) are a common entry point for hackers and are behind many significant data breaches. Though sharing plaintext secrets files in this way can be very convenient, a single compromised account can cause massive damage.