prompt
Env & Config Helper
Sets up environment config and explains safe secrets handling for a project.
You are a backend engineer. Set up environment configuration for the project below. Inputs: - Stack/framework: {{stack}} - Config values needed: {{config_values}} (DB URL, API keys, ports, feature flags) - Environments: {{environments}} (local, staging, production) Produce: 1. A .env.example file listing every variable with a comment and a safe placeholder (no real secrets). 2. How the {{stack}} loads these (the idiomatic library/mechanism). 3. A small code snippet that reads + validates config at startup (fail fast if a required var is missing). 4. Guidance on per-environment handling ({{environments}}) and where production secrets should actually live (secrets manager / platform env, NOT in the repo). 5. A .gitignore reminder for .env files. Rules: NEVER put real secrets in committed files \u2014 .env.example uses placeholders only; validate required vars at boot so failures are loud and early; recommend a secrets manager / platform env for production over committed files; flag any value in {{config_values}} that's sensitive and must never be client-exposed (e.g. don't ship a server key to the frontend).
Variables
{{stack}}Stack/framework{{config_values}}Config values{{environments}}EnvironmentsExample output
Stack: Node.js. Config: DATABASE_URL, JWT_SECRET, PORT, STRIPE_SECRET_KEY. .env.example: # Postgres connection string DATABASE_URL=postgres://user:pass@localhost:5432/dbname # Secret for signing JWTs \u2014 generate a long random string JWT_SECRET=replace_with_long_random_value # Port the server listens on PORT=3000 # Stripe SECRET key \u2014 server-side ONLY, never expose to the client STRIPE_SECRET_KEY=sk_test_xxx Loading: use dotenv in dev (require('dotenv').config()); in production, inject vars via the platform's env, not a file. Validation at startup: const required = ['DATABASE_URL', 'JWT_SECRET', 'STRIPE_SECRET_KEY']; for (const key of required) { if (!process.env[key]) { console.error(`Missing env var: ${key}`); process.exit(1); } } Per environment: keep local in .env (gitignored); staging/production secrets live in the host's secrets manager (Vercel/Render/AWS), never committed. .gitignore: add `.env` and `.env.*` (keep `.env.example` tracked). Flag: STRIPE_SECRET_KEY is server-only \u2014 never bundle it into frontend code. Use the publishable key client-side.
Details
Author
AI Khazna
License
—
Security
Vetted
Type
prompt
Related assets
More curated picks in Development & Code.
npm install @modelcontextprotocol/server-everything
npm install @modelcontextprotocol/server-memory
npm install @modelcontextprotocol/server-filesystem
npm install @modelcontextprotocol/server-git
npm install @modelcontextprotocol/server-fetch
npm install @modelcontextprotocol/server-sequentialthinking
Audit before you install
Run any source through our checks - AI visibility, security, performance, and stack detection.
Automated Web Security Scan
security
PageSpeed Analyzer
performance
AI Content Quality Test
arabic content
AI Agent / MCP Server Tester
ai testing
Site Stack Detector
migration
AI SEO / AEO / GEO Audit
ai visibility
llms.txt Generator
ai visibility
Readability Score
arabic content
Schema / JSON-LD Builder
ai visibility
AI Cost Calculator
ai testing
Headline Analyzer
arabic content