
Lesson Description
The "Advanced Environment Techniques" Lesson is part of the full, API Design in Node.js, v5 course featured in this preview video. Here's what you'd learn in this lesson:
Scott recommends setting up environment variable files to ensure required variables and a predictable environment, advises against committing them to GitHub, and suggests advanced practices like secret rotation and using tools like HashiCorp Vault.
Transcript from the "Advanced Environment Techniques" Lesson
[00:00:00]
>> Speaker 1: We already talked about some of the benefits of this. As far as having this environment variable file, it's just so that we can have it typed and everything is nice and tidy and predictable. Most importantly, when we start the server up, we will get errors if the required environment variables aren't set, which might not seem like a big deal now, but I promise you it's such a big deal. That's gonna save you so much time, and I just wrote some more stuff in here, talking about the benefits of setting up an .env file, which we already walked through.
We talked about the health check. I do have some examples here of how you might test some of these routes. You can do this if you want, but we're not gonna do this because we're just gonna get into testing later. I just put this in here as a reference for you to go back and see how you would have known if you've done this right. You could just write a test for it and see if this is how you would have done it.
But if I were to walk through that now, I would have to show you how to set up tests, and I don't wanna do that right now. Another more intricate step is what you can do is make some environment variables optional or non-optional depending on what environment you're in, or what app stage you're in. So like if it's in production, maybe I want a different default, or maybe this is only going to be required if we're in production, but in development, it's not required.
So you can just ternary or boolean off of those helper functions as well to set different defaults or different validations on your schema. That's where it can get super powerful. A few things to note: I talked about this a little bit, but never commit .env files to GitHub. I know that's probably counterintuitive to what I think Next.js wants you to do. I think they do want you to commit .env files to GitHub and expect you not to put any secrets in those .env files.
I don't recommend ever doing that. Don't ever commit .env files to GitHub, that's the best thing I can say. This other stuff is just advanced type of stuff. If you really wanna be super safe for things like secrets that you generate, you might want to rotate those things, which basically means on some interval you go generate new ones and phase out, cancel out the ones that you already have, just in case something leaked and someone has access to it.
It's like changing your password on a frequency. You can use secrets management. HashiCorp Vault is one. This is basically like you take all your .env files, put them into this one app, and then this app gives you just one SDK or one URL that you can load in, and then that will load in all your environment variables. It's basically the same thing as having that settings panel inside a hosting provider where you can add all your environment variables.
But it's not attached to any hosting provider; you can use it anywhere, even locally. It's probably the cleanest way to get on board to an app—just to put it into a vault where someone doesn't need to know all the values. They can just import this vault and use it.