DashboardTutorialsCommunitySupport
Search…
Welcome to Infura docs
Getting started
Dashboard stats
Networks
Ethereum (execution layer)
ETH2 (consensus layer)
IPFS
Filecoin
Polygon PoS
Palm
Optimism
Arbitrum
NEAR
Aurora
Avalanche (C-Chain)
StarkNet
INFURA CUSTOM APIs
NFT SDK
Features
Archive data
Project sharing
Infura transactions (ITX)
Tutorials
Ethereum
NFT SDK
Filecoin
NEAR
Layer 2 networks
Developer tools
Truffle for VS Code
JavaScript dotenv
Avalanche (C-Chain)
LEARN
The Merge
curl
JSON Web Token (JWT)
Web3 libraries
Powered By GitBook
JavaScript dotenv
​dotenv is an npm JavaScript package that loads environment variables from a .env file into the process.env global variable, storing configuration in the environment separate from the code.
When you create a dapp using Infura, store your environment variables on your local machine using dotenv to protect sensitive information, such as Infura API URLs and MetaMask mnemonics, from pushing to GitHub and becoming publicly accessible.

Install dotenv

Use npm to install dotenv in your project directory:
npm i dotenv
Navigate to the project's package.json file to check that dotenv is included under dependencies:
"dependencies": {
...
"dotenv": "^16.0.1",
...
You can create a package.json file by running a CLI questionnaire, or by creating a default package.json file. Refer to the npm documentation for more information.

Create the .env file

At the root of your project directory, create a file named .env containing environment variables for sensitive information that shouldn't be shared, such as an Infura API URL, Ethereum private key, or MetaMask secret recovery phrase:
INFURA_API_URL = "https://ropsten.infura.io/v3/<Your-Project-ID>"
MNEMONIC = "<Your-MetaMask-Secret-Recovery-Phrase>"
Never disclose your private keys or secret recovery phrases. Anyone with your private keys or secret recovery phrases can steal assets held in your account or wallet.

Access the .env information

Give your project access to the .env information by including the following line at the top of your project script:
require('dotenv').config();
Access the environment variables using process.env.<Your-Environment-Variable-Name>. For example, the following is a truffle-config.js file for a Truffle project:
require("dotenv").config();
const HDWalletProvider = require("@truffle/hdwallet-provider");
​
rinkeby: {
provider: () =>
new HDWalletProvider(
process.env.MNEMONIC,
process.env.INFURA_API_URL
),
network_id: 4,
gas: 5500000,
confirmations: 2,
timeoutBlocks: 200,
skipDryRun: true
}

Create a .gitignore file

If you push your project to GitHub, the .env file will become publicly accessible unless you include it in a .gitignore file.
Before pushing your project, create a file named .gitignore, and include a line containing .env. Your file will now be ignored by Git and won't be checked into GitHub.
.gitignore ignores only untracked files. If your .env file was committed in the past, it's now tracked by Git. Untrack the file by deleting it and running git rm --cached .env, then include it in .gitignore.
If you committed sensitive data in the past, remove the data from your GitHub repository.
When cloning an existing project, it might come with a .env.sample, .env.template, or similar file containing environment variables without values. Copy this file into a .env file on your local machine and fill in your values.
Previous
Truffle for VS Code
Next - Tutorials
Avalanche (C-Chain)
Last modified 2mo ago
Copy link
Outline
Install dotenv
Create the .env file
Access the .env information
Create a .gitignore file