Public .envrc file, private .env file

I use direnv to manage environments. direnv uses .envrc files to set environment variables.

But for secrets I use .env files.

Example:

# shellcheck shell=bash

# .envrc file of direnv.
# If you use VS Code, please use the `direnv` extension.

# Use nix-direnv
# https://github.com/nix-community/nix-direnv
# Ensures that flake.nix gets evaluated.
use flake

PATH_add scripts
PATH_add node_modules/.bin

# Load variables from .env
dotenv_if_exists

I never want the .env file to be part of a Git repo, because it usually contains credentials (for example GITHUB_TOKEN).

To prevent accidental commits of .env files in all your Git repositories, you can set up a global .gitignore file like above, and add .env to the file.