ENV (.env) file
Also known as: dotenv, .env, environment file, env variables file
A .env (dotenv) file is a plain-text file that stores configuration as KEY=value lines, typically secrets like API keys, passwords, and database URLs that an app reads at startup. Because it holds credentials, it should never be committed to a public repository.
- Plain-text KEY=value pairs read at app startup
- Often holds secrets — keys, passwords, database URLs
- Should be excluded from git via .gitignore
What goes in a .env file
A .env file keeps an app’s environment-specific settings out of its source code. Each line is a single `KEY=value` pair — for example, `API_KEY=...` or `DATABASE_URL=...` — that the program loads into environment variables when it runs.
The point is separation: the same code can run on a laptop, a test server, and production by swapping the .env file, so passwords and keys never get hard-coded into the program itself.
Why it is sensitive
Because a .env commonly holds real secrets, it is almost always excluded from version control with a .gitignore entry and shared instead as a stripped `.env.example` template. Committing a real .env to a public repo is a frequent cause of leaked credentials.
The file is plain text and tiny, so it costs no meaningful space. Never delete one you did not create — an app that relies on it may stop working until the values are restored.
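One way to produce the stripped `.env.example` template described above, as an added example that is not part of the original page. The function names, the optional `export ` prefix handling, and the sample values are assumptions constructed for illustration; the `.gitignore` check is a literal-match simplification.

```python
import re

# Constructed sample .env contents (placeholder values, not real credentials).
SAMPLE_ENV = """\
# Database
DATABASE_URL=postgres://app:example-password@db.internal:5432/app
export API_KEY="constructed-placeholder-key"

DEBUG=false
not a valid line
"""

# KEY=value, with an optional leading "export " that some loaders accept.
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$")


def strip_env(text):
    """Return (template_text, keys, rejected_line_numbers)."""
    out, keys, rejected = [], [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(stripped)  # keep comments and spacing for readability
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Unparseable lines are omitted rather than copied, because
            # they could still contain secret material.
            rejected.append(lineno)
            continue
        keys.append(match.group(1))
        out.append(match.group(1) + "=")  # key kept, value dropped
    return "\n".join(out) + "\n", keys, rejected


def is_ignored(gitignore_text, name=".env"):
    """Simplified check: is `name` listed literally in .gitignore?
    Real gitignore matching also supports globs and negation."""
    entries = {l.strip().lstrip("/") for l in gitignore_text.splitlines()}
    return name in entries


if __name__ == "__main__":
    template, keys, rejected = strip_env(SAMPLE_ENV)
    print(template, end="")
    print("keys:", keys, "rejected lines:", rejected)
```

The template keeps every key name so a teammate knows what to fill in, while no value from the real file is carried over.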