dotenv
to protect sensitive information, such as Infura API URLs and MetaMask mnemonics, from pushing to GitHub and becoming publicly accessible.dotenv
package.json
file to check that dotenv
is included under dependencies:
package.json
file by running a CLI questionnaire, or by creating a default package.json
file. Refer to the npm documentation for more information..env
file.env
containing environment variables for sensitive information that shouldn't be shared, such as an Infura API URL, Ethereum private key, or MetaMask secret recovery phrase:.env
information.env
information by including the following line at the top of your project script:process.env.<Your-Environment-Variable-Name>
. For example, the following is a truffle-config.js
file for a Truffle project:.gitignore
file.env
file will become publicly accessible unless you include it in a .gitignore
file..gitignore
, and include a line containing .env
. Your file will now be ignored by Git and won't be checked into GitHub..gitignore
ignores only untracked files. If your .env
file was committed in the past, it's now tracked by Git. Untrack the file by deleting it and running git rm --cached .env
, then include it in .gitignore
..env.sample
, .env.template
, or similar file containing environment variables without values. Copy this file into a .env
file on your local machine and fill in your values.