ln-733-env-configurator
Type: L3 Worker
Category: 7XX Project Bootstrap
Parent: ln-730-devops-setup
Configures environment variables for development and production environments.
Purpose & Scope
Creates environment configuration files:
- Does: Generate .env files, update .gitignore for secrets protection
- Does NOT: Store secrets, manage external secrets managers, configure CI/CD secrets

Inputs

| Input | Source | Description |
|-------|--------|-------------|
| Project Name | Directory name | Used for database/service naming |
| Backend Port | Stack-dependent | 5000 (.NET), 8000 (Python) |
| Frontend Port | Default | 3000 |
| Database Port | Default | 5432 |
| Detected Vars | Code analysis | Environment variables found in code |

Outputs

| File | Purpose | Template |
|------|---------|----------|
| .env.example | Documented template | env_example.template |
| .env.development | Local development defaults | env_development.template |
| .env.production | Production placeholders | env_production.template |
| .gitignore (append) | Secrets protection | gitignore_secrets.template |

Workflow

Phase 1: Environment Discovery
Scan project for existing environment usage:
- Check for existing .env files
- Search code for process.env, os.environ, Configuration[]
- Identify which variables are secrets vs configuration

Output: List of required environment variables with types
Phase 2: Variable Classification
Classify discovered variables:

| Category | Examples | Treatment |
|----------|----------|-----------|
| Database | DATABASE_URL, POSTGRES_ | Auto-generate with project name |
| API Config | API_PORT, LOG_LEVEL | Use detected or defaults |
| Security | JWT_SECRET, API_KEY | Placeholder with warning |
| External | REDIS_URL, SMTP_ | Comment out as optional |

Phase 3: Template Generation
Generate environment files from templates:
- Apply variable substitution
- Include all discovered variables
- Add comments for undocumented variables

Phase 4: Gitignore Update
Append secrets protection to .gitignore:
- Read existing .gitignore (if exists)
- Check if secrets patterns already present
- Append missing patterns from template
- Preserve existing entries

Generated File Structure

.env.example
Documented template with all variables:
- Section headers (Database, Backend, Frontend, Security, External)
- Descriptive comments for each variable
- Safe placeholder values (never real secrets)
- Optional variables commented out

.env.development
Ready-to-use development configuration:
- Pre-filled values that work with docker-compose
- Development-only secrets (clearly marked)
- Debug-level logging enabled

.env.production
Production placeholder file:
- ${VARIABLE} syntax for deployment substitution
- Comments indicating required secrets
- Production-appropriate defaults (Warning log level)

Security Best Practices

| Practice | Implementation |
|----------|----------------|
| No real secrets | Placeholder values only in templates |
| Gitignore protection | All .env files except .env.example |
| Development warnings | Mark dev secrets as insecure |
| Production guidance | Comments about secrets manager usage |
| Key rotation reminder | Note about regular secret rotation |

Security Notes
Generated files include these security reminders:
- Never commit real secrets - .gitignore prevents accidental commits
- Use secrets manager - GitHub Secrets, AWS Secrets Manager for production
- Rotate secrets regularly - Especially JWT secrets
- Strong JWT secrets - Minimum 256 bits (32 bytes)
- Restrict CORS - Only allow necessary origins in production

Quality Criteria
Generated files must:
- .env.example contains all required variables
- No real secrets or passwords in any file
- .gitignore updated with secrets patterns
- .env.development works with docker-compose
- .env.production uses placeholder syntax

Critical Notes

- Template-based: Use templates from references/. Do NOT hardcode file contents.
- Idempotent: Check file existence. Append to .gitignore, don't overwrite.
- No Real Secrets: Never generate files with actual passwords or API keys.
- Development Safety: Development defaults should work out-of-box with docker-compose.

Reference Files

| File | Purpose |
|------|---------|
| env_example.template | Documented .env template |
| env_development.template | Development defaults |
| env_production.template | Production placeholders |
| gitignore_secrets.template | .gitignore additions |

Version: 1.1.0
Last Updated: 2026-01-10
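
The Phase 4 steps (read, check, append missing patterns, preserve existing entries) and the "Idempotent" critical note, as an added Python example that is not the skill's own code. The template text, the header comment and the function names are assumptions, because the contents of gitignore_secrets.template are not shown on this page.

```python
from pathlib import Path

# Constructed stand-in for gitignore_secrets.template; the real template's
# contents are not shown on this page.
SECRETS_TEMPLATE = """\
# Secrets protection: ignore every .env file except the documented template
.env
.env.*
!.env.example
"""

def active_rules(text: str) -> list[str]:
    """Rules in a .gitignore, skipping blank lines and comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def merge_gitignore(existing: str, template: str = SECRETS_TEMPLATE) -> str:
    """Return `existing` plus the template rules it lacks; unchanged if none."""
    present = set(active_rules(existing))
    wanted = active_rules(template)
    missing = [r for r in wanted if r not in present]
    if not missing:
        return existing  # second and later runs are no-ops
    # Git applies the last matching rule, so a "!" exception that sits above a
    # newly appended ignore rule would stop working. Re-append exceptions last.
    if any(not r.startswith("!") for r in missing):
        missing = [r for r in missing if not r.startswith("!")]
        missing += [r for r in wanted if r.startswith("!")]
    sep = "" if existing == "" or existing.endswith("\n") else "\n"
    header = "# Added by env configurator (secrets protection)"  # assumed label
    return existing + sep + "\n".join([header, *missing]) + "\n"

def update_gitignore(path: Path, template: str = SECRETS_TEMPLATE) -> bool:
    """Append missing rules to the file at `path`; return True if it changed."""
    before = path.read_text(encoding="utf-8") if path.exists() else ""
    after = merge_gitignore(before, template)
    if after != before:
        path.write_text(after, encoding="utf-8")
    return after != before
```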