.env- Jun 2026

| Feature | .env- files | YAML / JSON | | ---------------------- | ---------------------- | ------------------------------ | | Simplicity | Key‑value, no nesting | Supports hierarchies & arrays | | Shell compatibility | Directly source -able | Needs parsing | | 12‑Factor compliance | ✅ Yes | ❌ No (often files are checked in) | | Standard tooling | dotenv everywhere | Custom parsers per language | | Type safety | Strings only | Native types (numbers, booleans) |

DB_HOST=localhost DB_PORT=5432 DB_USERNAME=myuser DB_PASSWORD=mypassword API_KEY=your_api_key_here | Feature |

It was a goldmine. And a tombstone. Lena scrolled further, but the file ended. No, wait. There was a second set of lines, commented out with # and a later timestamp: No, wait

$dotenv = Dotenv\Dotenv::createImmutable(__DIR__); $dotenv->load(); $apiKey = $_ENV['API_KEY']; Use code with caution. Crucial Best Practices for .env Management However, this burns secrets into the image layer

You can pass build arguments into a Docker image using --build-arg and then generate a .env file inside the image. However, this burns secrets into the image layer – not recommended. Instead, mount secrets at runtime.

const env = process.argv[2] || 'development'; const envFile = path.join(__dirname, .env-$env );

5/6 Tools like python-dotenv (Python) or dotenv (Node) load .env for dev only. Keep it that way.