Skip to main content

Environment Variables

Modern applications rarely run in a single environment. A local development environment, staging server, and production deployment often require different configuration values while sharing the same application code. Environment variables allow applications to adapt to their environment without modifying source code. In Bejibun, environment variables are the primary mechanism for configuring sensitive values and environment-specific settings.

What Are Environment Variables?

Environment variables are key-value pairs that exist outside your application’s source code. Example: 
APP_NAME=My Application

APP_ENV=development

PORT=3000
Your application can access these values at runtime. 
Env.get("APP_NAME");
Result: 
My Application
This approach allows the same codebase to be used across multiple environments.

Why Use Environment Variables?

Without environment variables, applications often contain hardcoded values. Avoid: 
const databaseHost =
  "localhost";

const databasePassword =
  "super-secret-password";
Instead: 
const databaseHost =
  Env.get("DB_HOST");

const databasePassword =
  Env.get("DB_PASSWORD");
Benefits include:
  • Improved security
  • Easier deployments
  • Environment-specific configuration
  • Better team collaboration
  • Cleaner code

The .env File

Bejibun loads environment variables from a .env file located at the root of your project. Example: 
APP_NAME=Bejibun

APP_ENV=development

APP_DEBUG=true

APP_URL=http://localhost:3000
Project structure: 
my-app/
├── app/
├── config/
├── routes/
├── .env
└── package.json
The .env file is typically used during local development.

Example Environment Configuration

A typical application may contain: 
APP_NAME=My Application

APP_ENV=development

APP_DEBUG=true

APP_URL=http://localhost:3000

PORT=3000

DB_CONNECTION=mysql

DB_HOST=127.0.0.1

DB_PORT=3306

DB_DATABASE=my_app

DB_USERNAME=root

DB_PASSWORD=password
These values can be accessed through configuration files or framework services.

Accessing Environment Variables

Use the Env service to retrieve values. Example: 
Env.get("APP_NAME");
Result: 
My Application
You may also provide a default value. 
Env.get(
  "PORT",
  3000
);
If PORT is missing: 
3000
will be returned.

Recommended Usage

Environment variables should generally be consumed within configuration files. Good: 
export default {
  host: Env.get("DB_HOST")
};
Then: 
Config.get(
  "database.host"
);
throughout the application. Avoid: 
Env.get("DB_HOST");

Env.get("DB_PORT");

Env.get("DB_DATABASE");
inside controllers, services, and business logic. This keeps environment concerns centralized.

Environment Files

Applications often require different settings for different environments. Example: 
.env
.env.local
.env.testing
.env.staging
.env.production
Each environment can provide its own values. Development: 
APP_ENV=development

APP_DEBUG=true
Production: 
APP_ENV=production

APP_DEBUG=false
The application behavior changes without modifying source code.

Common Application Variables

Most Bejibun applications will use variables similar to the following.

Application

APP_NAME=Bejibun

APP_ENV=development

APP_DEBUG=true

APP_URL=http://localhost:3000
Purpose:
  • Application metadata
  • Environment detection
  • Debug settings

Server

HOST=0.0.0.0

PORT=3000
Purpose:
  • Network configuration
  • HTTP server settings

Database

DB_CONNECTION=mysql

DB_HOST=127.0.0.1

DB_PORT=3306

DB_DATABASE=app

DB_USERNAME=root

DB_PASSWORD=password
Purpose:
  • Database connections
  • Migration support
  • ORM functionality

Redis

REDIS_HOST=127.0.0.1

REDIS_PORT=6379

REDIS_PASSWORD=
Purpose:
  • Cache storage
  • Queue processing
  • Session storage

Mail

MAIL_HOST=smtp.example.com

MAIL_PORT=587

MAIL_USERNAME=user

MAIL_PASSWORD=password
Purpose:
  • Email delivery
  • Notifications
  • Password resets

Storage

STORAGE_DISK=local
Or: 
STORAGE_DISK=s3

AWS_ACCESS_KEY_ID=

AWS_SECRET_ACCESS_KEY=

AWS_BUCKET=
Purpose:
  • File uploads
  • Asset storage
  • Cloud integrations

Environment Detection

Applications often need to determine their current environment. Example: 
Env.get("APP_ENV");
Result: 
development
or: 
production
Example usage: 
const isProduction =
  Env.get("APP_ENV")
  === "production";
This is commonly used within framework internals and configuration files.

Validating Environment Variables

Missing configuration values can cause runtime failures. Instead of discovering problems after deployment, Bejibun may validate environment variables during startup. Example: 
Env.validate({
  APP_NAME: "string",

  DB_HOST: "string",

  DB_DATABASE: "string"
});
Benefits:
  • Early error detection
  • Safer deployments
  • Improved reliability
Applications should fail fast when critical configuration is missing.

Type Conversion

Environment variables are always stored as strings. Example: 
PORT=3000
Raw value: 
"3000"
The framework may automatically convert values when appropriate. Example: 
Env.getNumber("PORT");
Result: 
3000
Similarly: 
Env.getBoolean(
  "APP_DEBUG"
);
Result: 
true
Type-safe environment access reduces common configuration errors.

Protecting Sensitive Data

Environment variables often contain secrets. Examples: 
DB_PASSWORD=

JWT_SECRET=

API_KEY=

AWS_SECRET_ACCESS_KEY=
These values should never be committed to source control.

Add .env to Git Ignore

Example: 
.env
This prevents accidental exposure of sensitive information.

Use .env.example

Instead of committing real secrets: 
APP_NAME=
APP_ENV=
DB_HOST=
DB_DATABASE=
DB_USERNAME=
DB_PASSWORD=
Store placeholders. New developers can copy: 
cp .env.example .env
and fill in their own values.

Production Environments

Production environments often inject variables directly through the hosting platform. Example: 
APP_ENV=production
APP_DEBUG=false
DB_HOST=production-db
In many deployments, a physical .env file may not exist. The framework should work seamlessly regardless of where variables originate. Possible sources: 
Operating System


Container Runtime


Cloud Platform


Application

Environment Variables and Security

Environment variables improve security but are not a complete security solution. Follow these recommendations:

Use Strong Secrets

Good: 
JWT_SECRET=6e43c9...
Avoid: 
JWT_SECRET=password

Rotate Credentials

Periodically update:
  • API keys
  • Database passwords
  • Access tokens
  • Encryption keys

Limit Access

Only authorized personnel should have access to production environment variables.

Common Mistakes

Committing .env

Avoid: 
Git Repository
└── .env
This may expose sensitive information publicly.

Hardcoding Secrets

Avoid: 
const apiKey =
  "secret";
Use: 
Env.get("API_KEY");
instead.

Missing Defaults

Avoid: 
Env.get("PORT");
when a default is appropriate. Prefer: 
Env.get("PORT", 3000);

Skipping Validation

A missing variable can cause failures later. Validate critical variables during startup whenever possible.

Example Configuration Flow

The following diagram illustrates how environment variables move through the application. 
.env


Environment Loader


Config Files


Config Service


Application Code
This separation helps maintain clean architecture and predictable configuration management.

Best Practices

When working with environment variables:
  • Store secrets outside source code
  • Commit .env.example, not .env
  • Use configuration files as an abstraction layer
  • Validate required variables
  • Provide defaults when appropriate
  • Use strong secrets in production
  • Rotate credentials regularly
These practices help create secure and maintainable applications.

What’s Next?

Now that you understand how Bejibun manages configuration and environment-specific settings, it’s time to learn what happens when an HTTP request enters your application. Continue to:
  • Request Lifecycle
The next chapter explores the complete journey of a request—from the moment it reaches the server until a response is returned to the client.