Backend Variables
Required
Application
Redis
Security
Monitoring
Frontend Variables
All frontend variables must be prefixed withVITE_.
Example Files
backend/.env.example
frontend/.env.example
Environment-Specific Values
Development
Staging
Production
Generating Secret Key
Security Best Practices
Key Management
Key Management
- Store secrets in environment variables, not code
- Use different keys for each environment
- Rotate keys periodically
- Never log secret values
Access Control
Access Control
- Limit who has access to production secrets
- Use secret management tools (AWS Secrets Manager, Vault)
- Audit secret access
CI/CD
CI/CD
- Use GitHub Secrets for CI/CD
- Don’t echo secrets in logs
- Mask secrets in output