I am trying to get to an understanding of what the best approach is to handling environment variables in a monorepo. I am using turborepo and the project structure is organised into a /apps and /packages directories among others.
The current state of the project is with app/package scoped .env and .env.local files. The file containing real secrets is the .env.local, which is only kept locally and shared among developers, while the .env is actually commited in the repo.
The idea is to only keep a root level .env as both turbo repo and the dotenv-cli libraries suggest and to simplify the setup, but I wanted to have some more ideas and references on what kind of things I should consider.
Some questions that I make myself around this are:
- Should I only use a .env file and get rid of the .env.local?
- Is it a good practice to commit a .env file? What if a developer adds a secret there? the repository is private, but overall a bad idea to commit any .env file?
- I saw in a different project where both root level as well as project scoped .env.local files were kept(containing only project specific secrets) and the root level .env.local containing repository wide secrets. What do you think of this approach?
- If the overall objective is to simplify the project setup and onboarding for developers, by only sharing one file, then why to keep project level .env files?
- What is the general practice regarding the use of both .env and .env.* files? Some libraries suggest keeping a unified .env file and don't suggest the use of any other .env.* file.
Thank you for your time.
Best regards,
I have moved all package/app scoped environment variables into a root level .env and .env.local files, but I would like to have some feedback in order to better decide.
