: Tells your framework or tooling (like dotenv) that this file contains key-value pairs used to configure your application's environment.
: Variables explicitly set in the terminal shell (e.g., API_KEY=xyz npm run build) or via your hosting provider platform (Vercel, Netlify, AWS).
    # Private server-side variables (Hidden from the browser)
    DATABASE_URL="postgresql://db_user:local_prod_password@localhost:5432/prod_db"
    STRIPE_SECRET_KEY="sk_prod_local_xyz123"

    # Public client-side variables (Exposed to the browser)
    NEXT_PUBLIC_API_URL="https://productionserver.com"
    NEXT_PUBLIC_ANALYTICS_ID="UA-LOCAL-PROD"
If you mistakenly commit this file, you are committing secrets that are intended for production-like behavior, potentially including API keys that have broad permissions on your staging or live infrastructure.
This table summarizes the standard file types across popular frameworks:
Here are three scenarios where .env.local.production (or its equivalent) is indispensable.
Frameworks generally load environment files in a specific order of priority (later files override earlier ones). In Next.js, for example, the order for builds is typically:
, not in your codebase. This file can contain production-specific overrides that are injected during deployment.
: Specifies the target execution environment. These variables will not load if the application is running in development or test modes.
contains environment-specific settings for the development environment. This file can be committed to version control as it should not contain secrets.