Closed markkovari closed 1 month ago
@markkovari If I'm not mistaken, it means that we should add the .env file to the .gitignore, and maybe we should add a new .env.sample file without the actual values (just with the names of the environment variables). And then, whoever downloads the code can fill out those values and should delete the .sample part from the end of the file. Am i correct?
Yes, beside that usually we recommend people to copy the sample, like
cp .env.sample .env
and they will not commit the .env
file with its secrets.
By the way you can use the .env file with the docker compose too like this: https://docs.docker.com/compose/environment-variables/set-environment-variables/#use-the-env_file-attribute
And is it worth including this description as well in the README (that they should just copy it with this command and fill it out accordingly or) ?
Yes, I would definitely do that. You can avoid the whole leaking of secrets with this.
I am in a bit of a confusion where is the
.env
file being used. Although we usually add a sample.env.sample
which people can copy and fill with their values. This exact path (filename) is usually added to gitignore too.