Skip to main content
Ganesh Joshi
Back to Cheatsheets

Environment variables

Updated 2026-02-15

.env files, process.env, and Next.js env. Loading, validation, and security best practices.

Loading

.env local (gitignore). .env.local overrides. Next.js: NEXT_PUBLIC_* exposed to browser; others server-only. Load with process.env.VAR. Vite: import.meta.env.VITE_*.

Validation

Validate at startup (e.g. zod) and fail fast. Never commit secrets; use platform env (Vercel, etc.) or secret manager.

Environment variables | Cheatsheet | Ganesh Joshi