0

In ReactJS, I created a .env file to read values. I was able to successfully read it both locally and in production. This is correct behavior.

My Question - I had added .env file in .gitignore file. So according to me, it should still work in development environment but should not work in production since .env was gitignored. How is it working?

bijoy tv
  • 148
  • 2
  • 8

1 Answers1

0

Without knowing much about your deployment process, It's hard to say much! Which tool did you use to deploy? (eg. is it your own custom script?)

How is it working?

I assume you mean it still works in production despite having added your .env to your .gitignore? :)

Take note that, when using Git:

  1. removing a file from being tracked by git doesn't necessarily remove it from other machines using that git repository. (maybe the file was copied outside of the git repo as part of the deploy procedure?)
  2. a file that has been added to a git repository, but later removed will still exist in the git history. (eg. Find and restore a deleted file in a Git repository). So pay extra care to not checking in secrets to your git repository in the first place! (or you are going to have to re-generate those secrets or at worst make changes to your git repositorys history!)
yiffyiffyiff
  • 138
  • 7
  • If it's a front-end react repo, like a create-react-app, opposed to a server-side-rendered one like gatsby or next, any env vars you use will be injected into the javascript anyway, and you should only be using publicly visible keys, so they should be fine to go into the repo. – Freaky Turtle Jun 03 '20 at 09:18