As developers, we know it’s crucial to keep things like API keys and secrets safe. It can be hard to share them with other developers safely. Plus, we can’t just put them directly in our code because that’s not secure. It could end up on public sites like GitHub, which we don’t want.
In the past, we relied on extra tools like dotenv, especially in the Node.js world. With dotenv, we created a special file called .env in our project’s main folder. We put our secrets there and told our program to use them. But is it safe to depend on these extra tools?
Node.js In-built support for .env
Safety has always been a big concern, even when we used open-source projects like dotenv. But now, with Node.js 20, we don’t need those extra tools. Node.js itself knows how to handle .env files. Let’s see how it works.
Using .env with Node.js 20
With Node.js 20, you only have to make a .env file in your project’s main folder and put all your secrets there:
API_KEY="YOUR API KEY"
# Add your other secrets here
You don’t need to download any extra stuff. Just run your project like this:
node --env-file=.env index.js
That’s it! Your app will use the secrets from the .env file.
Why Not Using dotenv is Good (In My Opinion)
Speaking for myself, I’ve always been careful about using extra tools from third parties. It’s great that we don’t have to use them anymore. This change makes our project more secure, makes it easier to develop, and keeps the app a bit smaller (not by a lot, but it helps).
Conclusion
I hope you will find this blog helpful. We’ll see you in the next blog with some new content. Until then, goodbye! If you have any queries, you can reach me on LinkedIn, and you can also follow my YouTube channel. I might not be consistent on YouTube, but you will still find helpful content. You can always buy me a ☕️. Your support means a lot. Thank you! 🙌