• RIGHT TURN: Always abstract settings into ENV variables.
Then unify your ENV variables into a single place tied together for your deployment. Let the platform (Heroku, Render, Vercel) manage your ENV variables, and make sure that your .env file is listed in .gitignore.
That way, each developer will keep their own ENV settings locally and they will not be checked into source control. Importantly, when a developer is switching branches, which is a task that is required consistently and constantly while writing code, there will be the least amount of friction.
Why?
If your ENV file is included in source control, then to make a change to it the developer must keep the change in the “working tree” of the git repository. That means that he or she typically can’t switch branches, rebase, or use commands in git to “add all” or “remove all.”
This developer workflow deficiency alone should be enough to convince you that having any settings in your source control is a bad idea.
Beyond that, it’s usually a security risk.
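As an added example (not from the original article), the shell function below audits a repository for the .gitignore rule described above; the name `env_file_status` and the default file name `.env` are assumptions. It goes slightly beyond the text by also reporting a file that is still tracked despite an ignore rule, or that was committed in the past and so remains in history.

```bash
#!/usr/bin/env bash
# Added example: check that a settings file is kept out of source control.
# env_file_status is a hypothetical helper name, not part of any tool.

# env_file_status DIR [FILE]
# Prints one of: ok | tracked | not-ignored | in-history | not-a-repo
# Returns 0 only when the status is "ok".
env_file_status() {
    local dir="$1" file="${2:-.env}"

    if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "not-a-repo"
        return 2
    fi

    # A file already in the index stays tracked even after it is
    # added to .gitignore, so check the index first.
    if git -C "$dir" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "tracked"      # remedy: git rm --cached FILE, then commit
        return 1
    fi

    # check-ignore exits 0 only when an ignore rule matches the path.
    if ! git -C "$dir" check-ignore -q -- "$file"; then
        echo "not-ignored"  # remedy: add FILE to .gitignore
        return 1
    fi

    # Ignored and untracked now, but an earlier commit may still hold it.
    if [ -n "$(git -C "$dir" log --all --format=%h -n 1 -- "$file" 2>/dev/null)" ]; then
        echo "in-history"   # remedy: rotate the values it contained
        return 1
    fi

    echo "ok"
}
```

Calling `env_file_status .` from a pre-commit hook or CI step makes the non-zero return code fail the run when the file is exposed.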