
The .env File Nobody Needs
The Unix Way — Episode 10

107 million weekly downloads. That is the current figure for dotenv on npm. A package whose entire purpose is reading KEY=VALUE pairs from a file and placing them into process.env. Unix has done this since 1979.

The Archaeology

Version 7 Unix introduced environment variables forty-seven years ago. The mechanism is rather elegant: a parent process passes key-value pairs to its children through exec(). Every process inherits. No library. No file to parse. No package to install.

Then somewhere along the way, the ecosystem decided this was insufficient. The solution: write your secrets into a file called .env, place it in your repository root, and install a package to read it.

The Cost

GitHub detected 39 million leaked secrets in 2024. A 67% increase from the previous year. Toyota exposed 270,000 customer records through a single access key committed to a public repository.

The .env file is not a security mechanism. It is a plaintext file containing your database
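
The exec() hand-off described under The Archaeology, as an added example that is not code from the original article: a parent passes its environment to a child through execve(), first whole and then restricted to an explicit list. The variable names and the database URL are constructed placeholders, and a POSIX system with /bin/sh is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;   /* the parent's own environment */

/* Run `/bin/sh -c script` with exactly the environment in envp.
 * Returns the child's exit status, or -1 if it could not be run. */
static int run_with_env(const char *script, char *const envp[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "/bin/sh", "-c", (char *)script, NULL };
        execve("/bin/sh", argv, envp);   /* third argument is the environment */
        _exit(127);                      /* reached only if execve failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Default case: hand the child our whole environment. Exit 0 = child saw it. */
int child_inherits_by_default(void)
{
    setenv("DATABASE_URL", "postgres://db.example.invalid/app", 1); /* constructed */
    return run_with_env(
        "[ \"$DATABASE_URL\" = postgres://db.example.invalid/app ]", environ);
}

/* Scoped case: the child gets only what is listed; other parent values stay behind. */
int child_gets_only_listed(void)
{
    setenv("PARENT_ONLY_TOKEN", "constructed-sample", 1);   /* not passed on */
    char *const envp[] = { "PATH=/usr/bin:/bin",
                           "DATABASE_URL=postgres://db.example.invalid/app", NULL };
    return run_with_env(
        "[ -n \"$DATABASE_URL\" ] && [ -z \"${PARENT_ONLY_TOKEN+x}\" ]", envp);
}

int main(void)
{
    printf("inherit all: child exit %d\n", child_inherits_by_default());
    printf("scoped envp: child exit %d\n", child_gets_only_listed());
    return 0;
}
```

An exit status of 0 from each child means the shell test inside it passed: the value arrived through execve() with no file read, and in the scoped case the unlisted parent variable was absent.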
Continue reading on Dev.to DevOps

