.env- Online

Many frameworks include built-in .env support:

The application reads the file, parses each line, and calls setenv() or the language's equivalent.

One of the most satisfying aspects of the .env file is how it handles different environments. Many frameworks include built-in

The code remains identical. It simply asks: "What is the database URL?" The environment answers differently depending on where the question is asked.

Versioned/backup files: Editors and tools may create backups like ".env-", ".env~", ".env.bak", or ".env-20230401". A file named ".env-" could be a temporary or backup copy created by certain utilities or by accident.

Partial overrides and layering: Systems that layer configuration may use multiple files where base is ".env" and overrides named ".env-local" or ".env-user" (the latter uses the dash).

CI/CD or deployment pipelines: Build scripts or deployment tooling may generate files with names like ".env-" or ".env-" to isolate runs or keep immutable snapshots.

Secret rotation or staging: Teams may keep rotated files like ".env-previous" or ".env-old" when updating secrets.

First, let's define our terms. The standard Twelve-Factor App methodology dictates that configuration should be stored in environment variables. To make local development easier, developers use .env files—plain text files listing key-value pairs (e.g., DB_PASSWORD=supersecret). The code remains identical

The .env- pattern refers to any file that begins with .env followed immediately by a hyphen and then a modifier. Common examples include:

The hyphen is the critical character. It is not a dot (.), an underscore (_), or a slash (/). It is a dash. And in the world of glob patterns, libraries, and operating systems, the dash changes everything. Versioned/backup files: Editors and tools may create backups

Restrict file permissions.

Secrets rotation: Environment variables (including those from .env) can be inspected by processes running under the same user. For production, consider dedicated secrets managers (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) instead of .env files.

Do not use multiple files in the root directory. Instead, use a single .env file and load different paths programmatically.

# Wrong
.env-production