Best Practices

Environment Variables Best Practices for Cloud Apps

Remoud Team · 5 min read · 2026-02-10

Environment variables separate secrets from code. Here are the best practices every developer should follow.

Common Env Vars

PORT=3000
DATABASE_URL=mongodb+srv://user:pass@cluster/db
API_KEY=sk_live_abc123
NODE_ENV=production
SESSION_SECRET=random-32-char-string

Best Practices

1. Never Commit Secrets

Add .env to .gitignore. Use .env.example for docs.

2. Different Values Per Environment

Dev, staging, production should have separate credentials.

3. Validate on Startup

const required = ['DATABASE_URL', 'SESSION_SECRET'];
for (const key of required) {
    if (!process.env[key]) {
        console.error('Missing: ' + key);
        process.exit(1);
    }
}

4. Rotate Regularly

Change secrets periodically, especially when team members leave.

On Remoud

Encrypted at rest (AES-256-GCM)
Injected at runtime
Bulk edit support
Available in web terminal

Ready to deploy?

Get your app live in seconds with Remoud. Free tier available.

Start deploying for free →

Comprehensive Guide to Modern Cloud Deployment & Architecture

In today's fast-paced software development lifecycle, choosing the right deployment strategy and hosting provider is critical. Whether you're a solo developer building a side project or a team scaling an enterprise startup, the fundamentals of cloud infrastructure remain the same.

The Shift to Platform-as-a-Service (PaaS)

Historically, developers had to provision raw Linux Virtual Private Servers (VPS), manually configure Nginx or Apache, set up Let's Encrypt for SSL certificates, and write custom deployment scripts using bash. This process was not only time-consuming but also prone to human error. Every server update, security patch, and auto-scaling event required manual intervention or complex configuration management tools like Ansible or Terraform.

Modern PaaS solutions abstract all of this underlying complexity. By providing a managed platform, developers can focus entirely on writing business logic. The platform handles load balancing, DNS routing, secure socket layers, container orchestration, and real-time logging. This abstraction layer significantly reduces time-to-market for new features and applications.

Continuous Integration and Continuous Deployment (CI/CD)

A robust CI/CD pipeline is the backbone of any modern engineering team. It ensures that code merges to the main branch are automatically tested, built, and shipped to production servers without manual intervention.

Git Push Deployments: The most frictionless way to implement continuous delivery is via Git integration. When developers push code to a specified branch (typically main or master), the PaaS platform detects the changes via webhooks. It then automatically clones the repository, installs dependencies (e.g., npm install or pip require), builds the assets, and hot-swaps the application containers with zero downtime.

This automated workflow eliminates the "it works on my machine" problem, as the build process happens in a standardized, isolated environment.

Containerization with Docker

While some platforms use buildpacks to automatically detect and compile languages like Node.js, Python, Ruby, or Go, Docker provides the ultimate flexibility. Containerization guarantees that the application runs locally exactly as it will in production.

Isolation: Each application runs in its own sandboxed container, ensuring that dependencies don't clash.
Portability: A Docker image can run on a developer's laptop, a staging server, or a production cluster on AWS, Google Cloud, or independent PaaS providers.
Scalability: Orchestration systems can rapidly spin up identical containers to handle sudden spikes in web traffic.

By writing a simple Dockerfile, developers can define their application's exact operating system, runtime, dependencies, and execution commands. Modern PaaS environments ingest these Dockerfiles directly, building and exposing the resulting containers to the public internet securely.

Security Best Practices for Cloud Deployments

Deploying code to the public internet requires serious attention to security natively built into the deployment process.

Environment Variables (Secrets): Never hardcode API keys, database passwords, or JWT secrets in your source code. Use platform-level environment variable managers to inject these secrets at runtime.
Automated SSL/TLS: Applications must be served over HTTPS. Look for platforms that issue, renew, and enforce SSL certificates automatically.
Database Isolation: Ensure your database instances are only accessible to your application containers, utilizing Virtual Private Clouds (VPCs) or strict IP whitelisting to block public internet access to your data.

By leveraging a modern cloud deployment workflow, developers can build more secure, scalable, and maintainable applications with a fraction of the operational overhead required in years past, enabling focus on what truly matters: the product.