Don't aim for complex orchestration. Aim for elegant defaults and a cp command away. Start today: if your project doesn't have an .env.sample , create one. If it does, audit it. Your future self, and your security team, will thank you.
# .env (DO NOT COMMIT THIS) DATABASE_URL=postgresql://user:MySuperSecretPass123@localhost:5432/app API_KEY=sk_live_9876543210 DEBUG=False Here is the problem: If you commit the .env file to Git, you have just leaked your secrets. If you ignore it in .gitignore but never tell your teammates what variables they need, they spend hours guessing why the app won't start. .env.sample
In your project root, create the file:
The .env.sample file is a . It contains all the keys your application needs, but none of the secrets . It is safe to commit to version control. It answers the question: "What environment variables must I define to run this project?" Don't aim for complex orchestration