What are .env files?

Two fundamental components of any computer programming language are variables and constants. Like independent variables in a mathematical equation, these take on values that change the results of the program. Variables and constants both represent unique memory locations containing data the program uses in its calculations. The difference between the two is that variable values may change during execution, while constant values cannot be reassigned.

A .env file, or dotenv file, is a simple text configuration file for controlling your application's environment constants. Between local, staging and production environments, the majority of your application will not change. However, in many applications some configuration needs to be altered between environments. Common configuration changes between environments may include, but are not limited to:

  • URLs and API keys
  • Domain names
  • Public and private authentication keys
  • Service account names

An environment constant is a variable whose value is set outside the program, typically through functionality built into the operating system. An environment variable is made up of a name/value pair, and any number of them may be created and available for reference at a point in time.


# Malware.Expert


For security reasons, these files should not be readable through a browser. On any web server (Nginx, Apache, LiteSpeed, etc.), requests for them should be blocked, either by the web server itself or by a ModSecurity rule. The reason for this is that a .env file will likely contain sensitive information such as API secrets, database usernames and passwords, amongst other things, and it's important to keep this information secure.
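
A way to confirm from the access log that the block is working, as an added example that is not from the original article: it finds requests for dotenv files and separates those the server answered with a 2xx status (file served) from those it refused. The combined log format, the sample log lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# A path segment that is a dotenv file: .env, .env.local, .env.bak, ...
DOTENV_SEGMENT = re.compile(r"^\.env(\..+)?$", re.IGNORECASE)

# Assumed format: Apache/Nginx "combined" access log.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:06:25:01 +0000] "GET /.env HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:06:25:02 +0000] "GET /app/%2eenv.bak HTTP/1.1" 403 153 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Mar/2024:06:26:10 +0000] "GET /docs/environment.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:06:27:44 +0000] "GET /api/.ENV?x=1 HTTP/1.1" 404 0 "-" "-"',
]

def targets_dotenv(target: str) -> bool:
    """True if any path segment of the request target names a dotenv file."""
    path = target.split("?", 1)[0]          # drop the query string
    for _ in range(2):                      # decode twice: %2eenv and %252eenv
        path = unquote(path)
    return any(DOTENV_SEGMENT.match(seg) for seg in path.split("/"))

def scan(lines):
    """Return (exposed, blocked): lists of (ip, target, status) for dotenv requests."""
    exposed, blocked = [], []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not targets_dotenv(m["target"]):
            continue
        hit = (m["ip"], m["target"], int(m["status"]))
        # 2xx means the file was handed out; any other status is a refusal.
        (exposed if 200 <= hit[2] < 300 else blocked).append(hit)
    return exposed, blocked

if __name__ == "__main__":
    exposed, blocked = scan(SAMPLE_LOG)
    for ip, target, status in exposed:
        print(f"EXPOSED {status} {target} requested by {ip}")
    print(f"{len(blocked)} dotenv request(s) were refused")
```

Any line reported as exposed means the file was served at least once, so the secrets it held should be rotated in addition to fixing the server rule.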