Should I commit my .env file to git?
No. Add .env to .gitignore so secrets are not committed. Use a .env.example file with placeholder values for documentation, so teammates know what variables to set without seeing real secrets.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in How to Use Environment Variables in a React App Safely
Create a .env file with variables prefixed correctly, VITE_ for Vite or REACT_APP_ for Create React App. Read them in code with import.meta.env or process.env. Add .env to .gitignore and set production values in the hosting dashboard.
No. Any variable exposed to a React app is visible to users in the browser. Environment variables hide things from your repository, not from users. For real secrets like API keys, use a backend, not frontend env vars.
Because only variables with the right prefix are exposed to the React app. Vite uses VITE_ and Create React App uses REACT_APP_. Other variables remain server-only and are not visible to frontend code, for safety.
Still have questions?
Browse all our FAQs or reach out to our support team
