ENV
Essential tips for security, AI communication, and deployment best practices
🔐 .env files – Your app's secret stash
Whenever your app needs a private key (like from OpenAI, MongoDB, Replicate, etc.), you don't put it inside your code. You put it in a file called .env or .env.local.
What are environment variables?
Think of it like a vault — this file holds your private keys so no one else can see them.
Example .env file:
MONGODB_URI=your_mongo_link
OPENAI_API_KEY=your_openai_key
Then inside your code, instead of pasting the real key, you (or the AI writing your code) reference it as:
process.env.OPENAI_API_KEY
This keeps your keys hidden and safe — especially when you publish the app online.
⚠️ Never:
- Share your .env file
- Paste your keys in public
- Commit .env files to GitHub
✅ Always:
- Use environment variables for secrets
- Add them to Vercel when you go live
- Keep .env files in .gitignore
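To make the mechanism above concrete, here is an added example (not code from the original page) of what a .env loader does in Node.js: it parses the KEY=value format, puts the values into process.env without overriding anything the hosting platform (such as Vercel) already set, fails fast when a required key is missing, and prints only a redacted form so a log line never leaks the key. The sample .env text and its placeholder values are constructed for this example.

```javascript
// Added example (not from the original page): a minimal .env parser and
// loader in Node.js, showing how keys reach process.env and how to check
// for missing ones without ever printing the secret itself.

// Constructed sample .env content; values are placeholders, not real keys.
const SAMPLE_DOTENV = `
# Database (comment lines are ignored)
MONGODB_URI=mongodb://localhost:27017/app
export OPENAI_API_KEY="sk-placeholder-value"
REPLICATE_API_TOKEN='r8_placeholder' # trailing comment after a quoted value
EMPTY=
`;

// Parse .env text into a plain object. Handles comments, blank lines,
// an optional `export ` prefix, and single/double quoted values.
function parseDotEnv(text) {
  const result = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue; // malformed line, skip it
    let key = line.slice(0, eq).trim();
    if (key.startsWith('export ')) key = key.slice(7).trim();
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) continue;
    let value = line.slice(eq + 1).trim();
    const quote = value[0];
    if (quote === '"' || quote === "'") {
      const end = value.indexOf(quote, 1);
      if (end !== -1) value = value.slice(1, end);
    } else {
      const hash = value.indexOf(' #');
      if (hash !== -1) value = value.slice(0, hash).trim();
    }
    result[key] = value;
  }
  return result;
}

// Copy parsed values into the environment without overriding values the
// host (for example the deployment platform) has already set.
function loadEnv(text, env = process.env) {
  const parsed = parseDotEnv(text);
  const loaded = [];
  for (const [key, value] of Object.entries(parsed)) {
    if (env[key] === undefined) {
      env[key] = value;
      loaded.push(key);
    }
  }
  return loaded;
}

// Fail fast at startup if a required secret is missing or empty,
// rather than failing later inside an API call.
function requireEnv(name, env = process.env) {
  const value = env[name];
  if (value === undefined || value === '') {
    throw new Error(`Missing required environment variable: ${name}`);
  }
  return value;
}

// Show only the last few characters so a log line can confirm which key
// is in use without exposing the key itself.
function redact(secret, visible = 4) {
  if (secret.length <= visible) return '*'.repeat(secret.length);
  return '*'.repeat(secret.length - visible) + secret.slice(-visible);
}

// Usage: load from the constructed sample into a scratch object instead of
// reading a real .env file from disk and touching the real process.env.
const target = {};
loadEnv(SAMPLE_DOTENV, target);
console.log('OPENAI_API_KEY ends with', redact(requireEnv('OPENAI_API_KEY', target)));
```

In a real app you would read the text with `fs.readFileSync('.env', 'utf8')` (or let a library such as dotenv do this) and call loadEnv once at startup; the "do not override" rule is what lets the same code run locally from .env and in production from the platform's own environment settings.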
🎯 Key Takeaways
Use .env
Always use .env files for secrets and never expose API keys in your code.
Audit your codebase
Ask AI to investigate your codebase and audit it for security vulnerabilities and flaws.
We'll talk more about this in the Auth and Storage section.