Environment Variables
Environment variables are key-value pairs defined outside the source code and made available to an application at runtime. In combination with Secret Management, they enable the secure separation of configuration and code. For businesses, this means: the same codebase across different environments without sensitive data in the repository.
Why environment variables instead of configuration files?
Environment variables solve a central problem: the same codebase must run in different environments (development, staging, production) with different settings. Database connections, API keys, feature flags, and debug modes are controlled via environment variables without changing the code. This prevents sensitive data from ending up in the repository.
Environment variables and security
Environment variables are the simplest level of Secret Management. For local development, they are defined in .env files (which must be in .gitignore). In production environments, they are set via the hosting provider, Docker secrets, or secret managers. Critical: never commit .env files, never output environment variables in logs or error messages.
Usage in Docker and CI/CD
In Containerization with Docker, environment variables are set via docker-compose.yml, .env files, or Docker Secrets. In CI/CD pipelines, they are defined as encrypted pipeline variables (GitHub Secrets, GitLab CI Variables) and injected at build and deploy time. The Infrastructure as Code philosophy also treats configuration as versioned, reproducible code.
Common mistakes with environment variables
Typical mistakes are: missing .gitignore entries for .env files, default values for secrets in the codebase, no documentation of required variables, different variable names between environments, and no validation at application startup, so that missing required variables are only noticed at runtime. A .env.example template in the repository documents all needed variables without sensitive values.
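One way to catch two of these mistakes at startup, as an added example rather than code from any project described on this page: it treats a .env.example template as the list of required variables, fails before the application starts if one is missing, and flags a template that carries a default for a secret. The variable names, the sample template, and the convention that an empty value in the template means "required" are assumptions made for the example.

```python
import os
import re

# Constructed sample template; variable names are hypothetical.
SAMPLE_ENV_EXAMPLE = """\
# Required (no value in the template)
DATABASE_URL=
SECRET_KEY=
# Optional, non-secret default
DEBUG=false
"""

_ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$")
_SECRET_NAME = re.compile(r"SECRET|PASSWORD|TOKEN|KEY", re.IGNORECASE)


def parse_env_example(text):
    """Return {name: template_value}; comments and blank lines do not match."""
    entries = {}
    for line in text.splitlines():
        match = _ASSIGNMENT.match(line)
        if match:
            entries[match.group(1)] = match.group(2).strip().strip("'\"")
    return entries


def validate_environment(example_text, environ=None):
    """Return a list of problems. Messages name variables, never their values."""
    environ = os.environ if environ is None else environ
    problems = []
    for name, template_value in parse_env_example(example_text).items():
        if template_value and _SECRET_NAME.search(name):
            problems.append(f"{name}: template ships a default for a secret")
        elif not template_value and not environ.get(name, "").strip():
            problems.append(f"{name}: required but not set")
    return problems


def require_environment(example_text, environ=None):
    """Call once at startup, before the application reads any setting."""
    problems = validate_environment(example_text, environ)
    if problems:
        raise RuntimeError("Invalid environment: " + "; ".join(problems))


if __name__ == "__main__":
    print(validate_environment(SAMPLE_ENV_EXAMPLE, {"DATABASE_URL": "x"}))
```

Because the error text is built from variable names only, it can be logged or shown in a failed deploy without exposing a secret.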
How we use it
Every BTECH project includes a .env.example with all required variables -- documented but without sensitive values. Django distinguishes between dev, staging, and production via DJANGO_SETTINGS_MODULE. In our GitHub Actions pipeline, credentials are injected as encrypted secrets and never output in logs. Angular uses environment.ts files that are replaced during the build process. Docker Compose reads .env files automatically -- a setup that strengthens both maintainability and security.