What Are Surroundings Variables: A Information For Novices


Surroundings variables allow configuring purposes with out altering code. They detach exterior knowledge from app logic, which might stay fairly mystifying to budding builders (and even some seasoned ones).

Via this hands-on information, we are going to elevate the veil round surroundings variables so you possibly can perceive what they entail, why they matter, and how you can leverage surroundings variables confidently.

Seize your favourite beverage (and possibly some cookies) trigger we’re about to get into it. Let’s unpack environmental variable ideas from the bottom up.

What Are Surroundings Variables?

example of environment variables showing an example of a dynamic value like $SUGAR and what that valuable equals: 1 cup sugar

Surroundings variables are dynamic named values that may have an effect on how operating processes behave on a pc. Some key properties of surroundings variables are:

  • Named: Have descriptive variable names like APP_MODE and DB_URL.
  • Exterior: Values are set exterior the app code through information, command strains, and techniques.
  • Dynamic: Can replace variables with out restarting apps.
  • Configured: Code depends on variables however doesn’t outline them.
  • Decoupled: No want to change code configurations as soon as variables are set.

Right here’s an analogy. Think about you’re following a chocolate chip cookie recipe. The recipe would possibly say:

  • Add 1 cup of sugar
  • Add 1 stick of softened butter
  • Add 2 eggs

As an alternative of these hard-coded values, you would use surroundings variables as a substitute:

  • Add $SUGAR cup of sugar
  • Add $BUTTER sticks of softened butter
  • Add $EGGS eggs

Earlier than making the cookies, you’d set these surroundings variable names to values of your selecting:


So, when following the recipe, your components would resolve to:

  • Add 1 cup of sugar
  • Add 1 stick of softened butter
  • Add 2 eggs

This lets you configure the cookie recipe with out altering the recipe code.

The identical idea applies to computing and improvement. Surroundings variables assist you to alter the surroundings wherein a course of runs with out altering the underlying code. Listed here are a number of widespread examples:

  • Setting the surroundings to “improvement” or “manufacturing”
  • Configuring API keys for exterior companies
  • Passing in secret keys or credentials
  • Toggling sure options on and off

Surroundings variables present nice flexibility. You may deploy the identical code to a number of environments with out altering the code itself. However let’s perceive additional why they’re invaluable.

Why Are Surroundings Variables Worthwhile?

environment variables are valuable to separate application code from configurations, simplify application configuration, manage secrets and credentials, and promote consistenc

Contemplate surroundings variables like software knobs used to dial-in preferences. We’ll discover wonderful use circumstances shortly.

Let’s solidify instinct on why surroundings variables matter!

Motive #1: They Separate Software Code From Configurations

reason #1 they separate application code from configurations showing these two elements as separate boxes in the graphic

Laborious-coding configurations and credentials immediately into your code could cause all kinds of issues:

  • Unintended commits to supply management
  • Rebuilding and redeploying code simply to vary a worth
  • Configuration points when selling throughout environments

It additionally results in messy code:

import os

# Laborious-coded configuration
DB_USER = 'appuser' 
DB_PASS = 'password123'
DB_HOST = 'localhost'
DB_NAME = 'myappdb'

def connect_to_db():
  print(f"Connecting to {DB_USER}:{DB_PASS}@{DB_HOST}/{DB_NAME}")  


This entangles enterprise logic with configuration particulars. Tight coupling makes upkeep arduous over time:

  • Modifications require modifying the supply code
  • Danger of leaking secrets and techniques into supply management

Utilizing surroundings variables reduces these points. For example, you possibly can set the DB_USER and DB_NAME surroundings variables.

# .env file

The appliance code can entry the surroundings variables each time required, maintaining the code clear and easy.

import os

# Load config from surroundings 
DB_USER = os.environ['DB_USER']
DB_PASS = os.environ['DB_PASS'] 
DB_HOST = os.environ['DB_HOST']
DB_NAME = os.environ['DB_NAME']

def connect_to_db():
  print(f"Connecting to {DB_USER}:{DB_PASS}@{DB_HOST}/{DB_NAME}")

Surroundings variables cleanly separate configuration from code, maintaining delicate values abstracted into the surroundings.

You may deploy the identical code from improvement to manufacturing with out altering a factor. The surroundings variables can differ between environments with out impacting the code in any respect.

Motive #2: They Simplify Configuring Purposes

Application with three different environment branches: development, staging, production

Surroundings variables simplify tweaking configurations with out touching code:

# .env file:

Right here’s how we may use it inside the script file:

# Script content material:
import os

DEBUG = os.environ.get('DEBUG') == 'true' 

   print("In DEBUG mode")

Toggling debug mode requires solely updating the .env file—no code adjustments, rebuilding, or redeploying are wanted. “Env vars” for brief, additionally assist deploy throughout environments seamlessly:

import os

# Retrieve surroundings variable to find out the present surroundings (manufacturing or staging)
current_env = os.getenv('APP_ENV', 'staging')  # Default to 'staging' if not set

# Manufacturing API key
PROD_API_KEY = os.environ['PROD_API_KEY']

# Staging API key
STG_API_KEY = os.environ['STG_API_KEY']

# Logic that units api_key based mostly on the present surroundings
if current_env == 'manufacturing':
    api_key = PROD_API_KEY
    api_key = STG_API_KEY

# Initialize API consumer with the suitable API key
api = ApiClient(api_key)

The identical code can use separate API keys for manufacturing vs staging with none adjustments.

And lastly, they allow function toggles with out new deployments:

NEW_FEATURE = os.environ['NEW_FEATURE'] == 'true'


Altering the NEW_FEATURE var prompts performance immediately inside our code. The interface for updating configurations will depend on the techniques:

  • Cloud platforms like Heroku use net dashboards
  • Servers use OS command instruments
  • Native dev can use .env information

Surroundings variables are helpful when creating purposes, permitting customers to configure parts per their necessities.

Motive #3: They Assist Handle Secrets and techniques And Credentials

application code branched to environment variables with five branches each labeled secrets

Checking secrets and techniques like API keys, passwords, and personal keys immediately into supply code raises substantial safety dangers:

# Keep away from exposing secrets and techniques in code!
STRIPE_KEY = 'sk_live_1234abc'
DB_PASSWORD = 'password123'

stripe.api_key = STRIPE_KEY 

These credentials are actually uncovered if this code will get dedicated right into a public GitHub repository!

Surroundings variables stop leakage by externalizing secrets and techniques:

import os

STRIPE_KEY = os.environ.get('STRIPE_KEY')  
DB_PASS = os.environ.get('DB_PASS')   

stripe.api_key = STRIPE_KEY  

The precise secret values get set in an area .env File.

# .env file


Don’t neglect to .gitignore the .env file to maintain secrets and techniques out of supply management. This includes defining the .env file in a .gitignore file in any repo root, which tells git to disregard the file throughout commit creation.

This separates secret definitions from software code, loading them securely from protected environments throughout runtime. The chance of by accident exposing credentials reduces dramatically.

Motive #4: They Promote Consistency

configuration with four branches shooting off to environment variables

Think about having completely different configuration information for improvement, QA, and manufacturing environments:

# Improvement
DB_HOST = 'localhost'
DB_NAME = 'appdb_dev'

# Manufacturing
DB_HOST = 'db.myapp.com'
DB_NAME = 'appdb_prod'

This discrepancy introduces refined bugs which can be exhausting to catch. Code that works flawlessly in improvement would possibly all of the sudden break manufacturing as a consequence of mismatched configurations.

Surroundings variables clear up this by centralizing configuration in a single place:


Now, the identical variables get used persistently throughout all environments. You now not have to fret about random or incorrect settings kicking in.

The appliance code merely references the variables:

import os

db_host = os.environ['DB_HOST']
db_name = os.environ['DB_NAME']

db.join(db_host, db_name)

Whether or not the app runs regionally or on a manufacturing server, it all the time makes use of the proper database host and identify.

This uniformity reduces bugs, improves predictability, and makes the app extra strong general. Builders can believe that the code will behave identically in each surroundings.

Get Content material Delivered Straight to Your Inbox

Subscribe to our weblog and obtain nice content material identical to this delivered straight to your inbox.

How Can You Outline Surroundings Variables

Surroundings variables could be outlined in a number of locations, permitting flexibility in setting and accessing them throughout processes and techniques.

1. Working System Surroundings Variables

Most working techniques present built-in mechanisms for outlining international variables. This makes the variables accessible system-wide to all customers, purposes, and many others.

On Linux/Unix techniques, variables could be outlined in shell startup scripts.

For instance, ~/.bashrc can be utilized to set user-level variables, whereas /and many others/surroundings is for system-wide variables that each one customers can entry.

Variables may also be set inline earlier than executing instructions utilizing the export command or immediately by the env command in bash:

# In ~/.bashrc
export DB_URL=localhost
export APP_PORT=3000
# In /and many others/surroundings

Variables may also be set inline earlier than executing instructions:

export TOKEN=abcdef
python app.py

Defining variables on the OS degree makes them globally accessible, which is kind of useful if you wish to run the app with out relying on inside values.

You can even reference outlined variables in scripts or command-line arguments.

python app.py --db-name $DB_NAME --db-host $DB_HOST --batch-size $BATCH_SIZE

2. Defining Surroundings Variables In Software Code

Along with OS-level variables, surroundings variables could be outlined and accessed immediately inside the software code whereas operating.

The os.environ dictionary in Python comprises all presently outlined surroundings variables. We are able to set new ones by merely including key-value pairs:

Surroundings variables may also be outlined and accessed immediately inside the software code. In Python, the os.environ dictionary comprises all outlined surroundings variables:

import os
os.environ["API_KEY"] = "123456" 
api_key = os.environ.get("API_KEY")

So, the os.environ dictionary permits for the dynamic setting and retrieving of surroundings variables from inside Python code.

Most languages come bundled with their libraries, providing entry to surroundings variables throughout runtime.

You can even use frameworks like Categorical, Django, and Laravel to have deeper integrations, reminiscent of auto-loading .env information containing surroundings variables.

3. Creating Native Configuration Recordsdata For Surroundings Variables

Along with system-level variables, surroundings variables could be loaded from an software’s native configuration information. This retains configuration particulars separate from code, even for native improvement and testing.

Some standard approaches:

.env Recordsdata

The .env file format conference popularized by Node.js gives a handy method to specify surroundings variables in a key-value format:

# .env

Net frameworks like Django and Laravel routinely load variables outlined in .env information into the appliance surroundings. For different languages like Python, libraries reminiscent of python-dotenv deal with importing .env information:

from dotenv import load_dotenv
load_dotenv() # Masses .env variables

print(os.environ['DB_URL']) # localhost

The advantage of utilizing .env information is that they maintain configuration clear and separate with out making adjustments to code.

JSON Configuration Recordsdata

For extra complicated configuration wants involving a number of surroundings variables, utilizing JSON or YAML information helps set up variables collectively:

// config.json
  "api_url": "https://api.instance.com",
  "api_key": "123456", 
  "port": 3000

Software code can then shortly load this JSON knowledge as a dictionary to entry configured variables:

import json

config = json.load('config.json')  

api_url = config['api_url']
api_key = config['api_key'] 
port = config['port'] # 3000

This prevents messy dotenv information when coping with a number of app configurations.

How Do You Entry Surroundings Variables In Totally different Programming Languages?

Nonetheless we select to outline surroundings variables, our purposes want a constant approach of trying up values throughout runtime.

Whereas numerous methods exist to outline surroundings variables, software code wants a normal method to entry them at runtime, no matter language. Right here is an outline of strategies to entry env variables throughout standard languages:


Python gives the os.environ dictionary to entry outlined surroundings variables:

import os

db = os.environ.get('DB_NAME')


We are able to get a variable utilizing os.environ.get(), which returns None if undefined. Or entry immediately through os.environ(), which is able to elevate KeyError if it isn’t current.

Further strategies like os.getenv() and os.environ.get() permit specifying default values if unset.

JavaScript (Node.js)

In Node.js JavaScript code, surroundings variables can be found on the worldwide course of.env object:

// Get env var
const db = course of.env.DB_NAME;


If undefined, course of.env will include undefined. We are able to additionally provide defaults like:

const db = course of.env.DB_NAME || 'defaultdb';


Ruby purposes entry surroundings variables by the ENV hash:

# Entry variable 
db = ENV['DB_NAME']  

places db

We are able to additionally go a default worth if the specified key doesn’t exist:

db = ENV.fetch('DB_NAME', 'defaultdb')


PHP gives international strategies getenv(), $_ENV and $_SERVER to entry surroundings variables:

// Get env var
$db_name = getenv('DB_NAME');

// Or entry $_ENV or $_SERVER arrays 
$db_name = $_ENV['DB_NAME'];

Relying on the variable supply, they might be accessible in several globals.


In Java, the System.getenv() methodology returns env variables which could be accessed:

String dbName = System.getenv("DB_NAME");

This permits entry to variables outlined at a system degree globally in Java.

For now, some greatest practices round surroundings variable hygiene.

Surroundings Variable Safety Information

never store sensitive info, use environment-specific variables, keep secrets of out version control, secure secrets on production servers, use strong encryption algorithms, rotate secrets regularly

In the case of managing surroundings variables securely, we must always maintain a number of greatest practices in thoughts.

By no means Retailer Delicate Info In Code

Before everything, by no means retailer delicate info like passwords, API keys, or tokens immediately in your code.

It could be tempting to simply hardcode a database password or an encryption key into your supply code for fast entry, however resist that urge!

If you happen to by accident commit that code to a public repository on GitHub, you’re basically broadcasting your secrets and techniques to the complete world. Think about if a hacker obtained ahold of your manufacturing database credentials simply because they have been sitting in plain textual content in your codebase. Scary thought, proper?

As an alternative, all the time use surroundings variables to retailer any type of delicate configuration. Hold your secrets and techniques in a safe place like a .env file or a secrets and techniques administration device, and reference them in your code through surroundings variables. For instance, as a substitute of doing one thing like this in your Python code:

db_password = "supers3cr3tpassw0rd"

You’d retailer that password in an surroundings variable like this:

# .env file

After which entry it in your code like:

import os
db_password = os.environ.get('DB_PASSWORD')

This manner, your secrets and techniques are nonetheless protected even when your supply code will get compromised. Surroundings variables act as a safe abstraction layer.

Use Surroundings-Particular Variables

One other apply is utilizing completely different surroundings variables for every software surroundings, reminiscent of improvement, staging, and manufacturing.

You don’t wish to by accident hook up with your manufacturing database whereas creating regionally simply since you forgot to replace a config variable! Namespace your surroundings variables for every surroundings:

# Dev

# Manufacturing

Then, reference the suitable variables in your code relying on the present surroundings. Many frameworks like Rails present environment-specific config information for this function.

Hold Secrets and techniques Out Of Model Management

It’s additionally essential to maintain your .env and config information containing secrets and techniques out of model management. Add .env to your .gitignore so that you don’t by accident commit it to your repository.

You should utilize git-secrets to scan for delicate data earlier than every commit. For further safety, encrypt your secrets and techniques file earlier than storing it. Instruments like Ansible Vault and BlackBox may help with this.

Safe Secrets and techniques On Manufacturing Servers

When managing surroundings variables in your manufacturing servers, keep away from setting them utilizing command line arguments, which could be inspected by the method desk.

As an alternative, use your working system or container orchestration platform’s surroundings administration instruments. For instance, you need to use Kubernetes Secrets and techniques to retailer and expose secrets and techniques securely to your software pods.

Use Robust Encryption Algorithms

Use strong and fashionable encryption algorithms when encrypting your secrets and techniques, whether or not in transit or at relaxation. Keep away from deprecated algorithms like DES or MD5, which have recognized vulnerabilities. As an alternative, go for industry-standard algorithms like AES-256 for symmetric encryption and RSA-2048 or ECDSA for uneven encryption.

Rotate Secrets and techniques Commonly

Rotate your secrets and techniques frequently, particularly for those who suspect they might have been compromised. Deal with secrets and techniques such as you would a password — replace them each few months. A secrets and techniques administration device like Hashicorp Vault or AWS Secrets and techniques Supervisor may help automate this course of.

Be Cautious With Logging And Error Reporting

Watch out about logging and error reporting. Be sure that to not log any surroundings variables that include delicate values. If you happen to’re utilizing a third-party error monitoring device, configure it to sanitize delicate knowledge. The very last thing you need is to your secrets and techniques to seem in a stack hint on an exception reporting dashboard!

When To Keep away from Surroundings Variables?

environment variable with 4 branch offs, but each with an ex blocking the way to complex configuration, sensitive information, multiple environments, team sharing

There are a number of circumstances the place surroundings variables needs to be prevented:

Managing Complicated Configuration

Utilizing surroundings variables to handle configuration for complicated software program techniques can turn out to be messy and error-prone. Because the variety of configuration parameters grows, you find yourself with lengthy surroundings variable names that may unintentionally collide. There may be additionally no straightforward method to set up associated configuration values collectively.

As an alternative of surroundings variables, think about using configuration information in a format like JSON or YAML. These assist you to:

  • Group associated configuration parameters collectively in a nested construction.
  • Keep away from naming collisions by encapsulating config in scopes and namespaces.
  • Outline customized knowledge sorts as a substitute of simply strings.
  • Shortly view and modify configurations utilizing a textual content editor.

Storing Delicate Info

Whereas surroundings variables appear straightforward to inject exterior configurations like API keys, database passwords, and many others., this may trigger safety points.

The issue is surroundings variables are accessible globally in a course of. So, if an exploit exists in a part of your software, it may compromise secrets and techniques saved in surroundings variables.

A safer method is utilizing a secret administration service that handles encryption and entry management. These companies permit storing of delicate knowledge externally and supply SDKs for retrieving software values.

So, think about using a devoted secrets and techniques administration resolution relatively than surroundings variables for credentials and personal keys. This reduces the chance of by accident exposing delicate knowledge by exploits or unintended logging.

Working With A number of Environments

Managing surroundings variables can turn out to be tedious as purposes develop and get deployed throughout a number of environments (dev, staging, staging, prod). You might have fragmented configuration knowledge unfold throughout numerous bash scripts, deployment instruments, and many others.

A configuration administration resolution helps consolidate all environment-specific settings right into a centralized place. This might be information in a repository, a devoted configuration server, or built-in together with your CI/CD pipelines.

If the purpose is to keep away from duplicating surroundings variables, a single supply of fact for configurations makes extra sense.

Sharing Configuration Throughout Groups

Since surroundings variables are sourced regionally per course of, sharing and synchronizing configuration knowledge throughout completely different groups engaged on the identical software or suite of companies turns into very tough.

Every crew might preserve its copy of configuration values in several bash scripts, deployment manifests, and many others. This decentralized configuration results in the next:

  1. Configuration drift: With no single supply of fact, it’s straightforward for configuration to turn out to be inconsistent throughout environments as completely different groups make unbiased adjustments.
  2. Lack of visibility: There isn’t a centralized method to view, search, and analyze the complete configuration state throughout all companies. This makes it extraordinarily obscure how a service is configured.
  3. Auditing challenges: Modifications to surroundings variables usually are not tracked in any commonplace approach, making it exhausting to audit who modified what configuration and when.
  4. Testing difficulties: With no method to simply snapshot and share configuration, making certain constant environments for improvement and testing turns into extraordinarily cumbersome.

Somewhat than this fragmented method, having a centralized configuration resolution permits groups to handle configuration from a single platform or repository.

Construct Your Apps With Surroundings Variables For The Lengthy-Time period

As your software grows, think about how chances are you’ll want extra superior methods to handle its configuration settings.

What appears easy now may get extra difficult in a while. You’ll seemingly want higher methods to manage entry, share crew settings, set up every little thing clearly, and replace configurations easily.

Don’t again your self right into a nook by simply utilizing surroundings variables from the beginning. You wish to plan how you can deal with configurations as your wants develop.

Whereas surroundings variables are nice for dealing with environment-focused knowledge like login credentials, database names, native IPs, and many others, you wish to create a system that follows sound rules like safety, shareability, group, and the flexibility to adapt to adjustments shortly.

The options we mentioned, like utilizing a devoted configuration file or service, have invaluable options that align with these rules. That can enable you to maintain transferring shortly with out getting slowed down.

Get Content material Delivered Straight to Your Inbox

Subscribe to our weblog and obtain nice content material identical to this delivered straight to your inbox.