infra-config-setup-env
Environment Management
Quick Guide: Per-app .env files. Framework-specific prefixes (
NEXT_PUBLIC_*for Next.js,VITE_*for Vite). Zod validation at startup. Maintain .env.example templates. Never commit secrets (.gitignore). Environment-based feature flags.
<critical_requirements>
CRITICAL: Before Using This Skill
All code must follow project conventions in CLAUDE.md (kebab-case, named exports, import ordering,
import type, named constants)
(You MUST validate ALL environment variables with Zod at application startup)
(You MUST use framework-specific prefixes for client-side variables - NEXT_PUBLIC_* for Next.js, VITE_* for Vite)
(You MUST maintain .env.example templates with ALL required variables documented)
(You MUST never commit secrets to version control - use .env.local and CI secrets)
(You MUST use per-app .env files - NOT root-level .env files)
</critical_requirements>
Auto-detection: Environment variables, .env files, Zod validation, t3-env, @t3-oss/env, secrets management, NEXT_PUBLIC_ prefix, VITE_ prefix, feature flags, z.stringbool
When to use:
- Setting up Zod validation for type-safe environment variables at startup
- Managing per-app .env files with framework-specific prefixes
- Securing secrets (never commit, use .env.local and CI secrets)
- Implementing environment-based feature flags
When NOT to use:
- Runtime configuration changes (use an external feature flag service)
- User-specific settings (use database or user preferences)
- Frequently changing values (use configuration API or database)
- Complex A/B testing with gradual rollouts (use a dedicated feature flag service)
Key patterns covered:
- Per-app .env files (not root-level, prevents conflicts)
- Zod validation at startup for type safety and early failure
- T3 Env pattern for Next.js/Vite projects (recommended)
- Framework-specific prefixes (
NEXT_PUBLIC_*for client,VITE_*for Vite client) - .env.example templates for documentation and onboarding
Detailed Resources:
- For code examples, see examples/ folder:
- examples/core.md - Essential patterns (per-app .env, Zod validation)
- examples/t3-env.md - T3 Env pattern for Next.js/Vite (recommended)
- examples/naming-and-templates.md - Framework prefixes, .env.example
- examples/security-and-secrets.md - Secret management
- examples/feature-flags-and-config.md - Feature flags, centralized config
- For decision frameworks and anti-patterns, see reference.md
Philosophy
Environment management follows the principle that configuration is code -- it should be validated, typed, and versioned. The system uses per-app .env files with framework-specific prefixes, Zod validation at startup, and strict security practices to prevent secret exposure.
Core Patterns
Pattern 1: Per-App Environment Files
Each app/package has its own .env file to prevent conflicts and clarify ownership.
File Structure
apps/
├── client-next/
│ ├── .env # Local development (NEXT_PUBLIC_API_URL)
│ └── .env.production # Production overrides
├── client-react/
│ ├── .env # Local development
│ └── .env.production # Production overrides
└── server/
├── .env # Local server config
├── .env.example # Template for new developers
└── .env.local.example # Local overrides template
packages/
├── api/
│ └── .env # API package config
└── api-mocks/
└── .env # Mock server config
File Types and Purpose
.env- Default development values (committed for apps, gitignored for sensitive packages).env.example- Documentation template (committed, shows all required variables).env.local- Local developer overrides (gitignored, takes precedence over.env).env.production- Production configuration (committed or in CI secrets).env.local.example- Local override template (committed)
Loading Order and Precedence
Next.js loading order (highest to lowest priority):
process.env(already set in environment).env.$(NODE_ENV).local(e.g.,.env.production.local).env.local(not loaded whenNODE_ENV=test).env.$(NODE_ENV)(e.g.,.env.production).env
Vite loading order:
.env.[mode].local(e.g.,.env.production.local).env.[mode](e.g.,.env.production).env.local.env
Exception: Shared variables can go in your build tool's env configuration for cache invalidation
See examples/core.md for complete code examples.
Pattern 2: Type-Safe Environment Variables with Zod
Validate environment variables at application startup using Zod schemas. Define a schema, parse at startup, export a typed env object.
// lib/env.ts
const envSchema = z.object({
VITE_API_URL: z.string().url(),
VITE_API_TIMEOUT: z.coerce.number().default(DEFAULT_API_TIMEOUT_MS),
VITE_ENABLE_ANALYTICS: z.stringbool().default(false), // Zod 4+ (NOT z.coerce.boolean())
});
export const env = envSchema.parse(import.meta.env);
Key gotchas:
z.coerce.boolean()converts"false"totrue(string is truthy) - always usez.stringbool()instead- Use
error.issues(noterror.errors) for Zod 4 error handling
Note: For Next.js/Vite projects, consider T3 Env (
@t3-oss/env-nextjsor@t3-oss/env-core) for client/server variable separation and build-time validation. See examples/t3-env.md.
See examples/core.md for complete good/bad comparisons.
Pattern 3: Framework-Specific Naming Conventions
Use framework-specific prefixes for client-side variables and SCREAMING_SNAKE_CASE for all environment variables.
Mandatory Conventions
- SCREAMING_SNAKE_CASE - All environment variables use uppercase with underscores
- Descriptive names - Variable names clearly indicate purpose
- Framework prefixes - Use
NEXT_PUBLIC_*(Next.js) orVITE_*(Vite) for client-side variables
Framework Prefixes
Next.js:
NEXT_PUBLIC_*- Client-side accessible (embedded in bundle) - use for API URLs, public keys, feature flags- No prefix - Server-side only (database URLs, secret keys, API tokens)
Vite:
VITE_*- Client-side accessible (embedded in bundle) - use for API URLs, public configuration- No prefix - Build-time only (not exposed to client)
Node.js/Server:
NODE_ENV- Standard environment (development,production,test)PORT- Server port number- No prefix - All variables available server-side
See examples/naming-and-templates.md for complete code examples with good/bad comparisons.
Integration Guide
Core dependencies:
- Zod (v4+): Runtime validation and type inference for environment variables
- T3 Env (
@t3-oss/env-nextjs,@t3-oss/env-core): Recommended wrapper for client/server separation
Framework support:
- Next.js: Automatic .env file loading with
NEXT_PUBLIC_*prefix for client-side - Vite: Automatic .env file loading with
VITE_*prefix for client-side
Monorepo considerations:
- Declare shared env vars in your build tool's env configuration for cache invalidation
- Use per-app .env files even in monorepos to prevent conflicts
Replaces / Conflicts with:
- Hardcoded configuration values (use env vars instead)
- Runtime feature flag services for simple boolean flags (use env vars first, upgrade when needing gradual rollouts)
<decision_framework>
Decision Framework
See reference.md for complete decision frameworks including environment configuration and feature flag decisions.
</decision_framework>
<red_flags>
RED FLAGS
High Priority Issues:
- Committing secrets to version control (.env files with real credentials)
- Using environment variables directly without Zod validation (causes runtime errors)
- Using
NEXT_PUBLIC_*orVITE_*prefix for secrets (embeds in client bundle)
Medium Priority Issues:
- Missing .env.example documentation (poor onboarding experience)
- Using production secrets in development (security risk)
- Root-level .env in monorepo (causes conflicts)
Gotchas:
- Next.js/Vite embed prefixed variables at build time, not runtime - requires rebuild to change
- Environment variables are strings - use
z.coerce.number()for numbers, usez.stringbool()for booleans (Zod 4+) - CRITICAL:
z.coerce.boolean()converts "false" totrue(string is truthy) - usez.stringbool()(Zod 4+) instead - Empty string env vars are NOT
undefined- use T3 Env'semptyStringAsUndefined: trueoption - Monorepo build tool caches may NOT be invalidated by env changes unless declared in the tool's env configuration
See reference.md for complete RED FLAGS, anti-patterns, and checklists.
</red_flags>
<critical_reminders>
CRITICAL REMINDERS
All code must follow project conventions in CLAUDE.md
(You MUST validate ALL environment variables with Zod at application startup)
(You MUST use framework-specific prefixes for client-side variables - NEXT_PUBLIC_* for Next.js, VITE_* for Vite)
(You MUST maintain .env.example templates with ALL required variables documented)
(You MUST never commit secrets to version control - use .env.local and CI secrets)
(You MUST use per-app .env files - NOT root-level .env files)
Failure to follow these rules will cause runtime errors, security vulnerabilities, and configuration confusion.
</critical_reminders>
More from agents-inc/skills
web-animation-css-animations
CSS Animation patterns - transitions, keyframes, scroll-driven animations, @property, GPU-accelerated properties, accessibility with prefers-reduced-motion
20web-testing-playwright-e2e
Playwright E2E testing patterns - test structure, Page Object Model, locator strategies, assertions, network mocking, visual regression, parallel execution, fixtures, and configuration
18web-animation-view-transitions
View Transitions API patterns - same-document transitions, cross-document MPA transitions, shared element animations, pseudo-element styling, accessibility
17web-animation-framer-motion
Motion (formerly Framer Motion) animation patterns - motion components, variants, gestures, layout animations, scroll-linked animations, accessibility
17web-styling-cva
Class Variance Authority - type-safe component variant styling with cva(), compound variants, and VariantProps
16web-i18n-next-intl
Type-safe i18n for Next.js App Router
16