Create-react-app: .env in source control ?

Created on 18 Jun 2017  路  4Comments  路  Source: facebook/create-react-app

I am wondering why you recommend to put environment variable into source control in your README.

dotenv says:
"We strongly recommend against committing your .env file to version control."

And from the twelve-factor app:
"Env vars are easy to change between deploys without changing any code; unlike config files, there is little chance of them being checked into the code repo accidentally;"
https://12factor.net/config

Isn't it the whole purpose of having separate .env files/environment to not put in source control secret keys?
thanks.

[EDIT]
It is true that there is nothing like "secret' in frontend apps :) So I understand that being in source control or not should not bring any security issue.

What I am tying to achieve is to have .env file in a "staging" environment and being able to build with that environment by running:

NODE_ENV=staging npm build

I read in the docs that we cannot manually override the NODE_ENV. I understand the "production build" part but why not just set the build to a "production one" internally (uglify, minify, tree shaking...) for all the environment that are not "development" or "test". That way we could have different config/environment

  • .env.staging
  • .env.acceptance
  • ...

Cheers.

question
Source
picture sebelga
👍1

Most helpful comment

ok thanks for the reply, hadn't seen #1344.

I got it working by using

- .env.development.local // development
- .env // staging
- .env.production // production

Then when I build with Jenkins my staging release, I delete the production config wit rm -f .env.production before the build.
Still didn't get what was wrong in having different .env file per environment but it's ok :)

picture sebelga on 18 Jun 2017
👍3

All 4 comments

.env files for front-end code should be checked in, because as you said, it contains no secrets. Additionally, these .env files affect build-time, not runtime behavior.

Per https://github.com/facebookincubator/create-react-app/pull/1344, we are strictly supporting environment files which fall under the official specification.

There has been discussion before but I'm pretty sure we're not going to allow manually setting NODE_ENV anytime soon.
If you'd like this level of granularity and feel comfortable with these configs, please eject and configure them yourself.

Timer picture Timer on 18 Jun 2017

I'll close this as a duplicate (proposal) of https://github.com/facebookincubator/create-react-app/issues/790, thanks!

Timer picture Timer on 18 Jun 2017

ok thanks for the reply, hadn't seen #1344.

I got it working by using

- .env.development.local // development
- .env // staging
- .env.production // production

Then when I build with Jenkins my staging release, I delete the production config wit rm -f .env.production before the build.
Still didn't get what was wrong in having different .env file per environment but it's ok :)

sebelga picture sebelga on 18 Jun 2017
👍3

Hey guys, i'm late to the party but i resolved this with a lib called env-cmd, who works like dotenv but with files. And i builded my app with the following:
env-cmd .env.custom npm run build.

bruno-vinicius picture bruno-vinicius on 14 Jun 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dualcnhq picture dualcnhq  路  3Comments
oltsa picture oltsa  路  3Comments
ap13p picture ap13p  路  3Comments
stopachka picture stopachka  路  3Comments
Aranir picture Aranir  路  3Comments