- All JavaScript/TypeScript files use ES Modules
- Use
.jsextension with ES Module syntax - Import statements should use the
.jsextension explicitly - No mixing of CommonJS and ES Modules
All environment variables must use SCREAMING_SNAKE_CASE format with clear category prefixes:
-
APP_: Application settings
- APP_NAME
- APP_ENV
- APP_VERSION
- APP_HOST
- APP_PORT
-
DB_: Database settings
- DB_HOST
- DB_PORT
- DB_NAME
- DB_USER
- DB_PASSWORD (managed via Docker secrets)
-
REDIS_: Redis settings
- REDIS_HOST
- REDIS_PORT
- REDIS_PASSWORD (managed via Docker secrets)
-
EMAIL_: Email settings
- EMAIL_HOST
- EMAIL_PORT
- EMAIL_USER
- EMAIL_PASSWORD (managed via Docker secrets)
-
AUTH_: Authentication settings
- AUTH_SECRET (replaces NEXTAUTH_SECRET)
- AUTH_URL (replaces NEXTAUTH_URL)
- AUTH_SESSION_EXPIRES
- AUTH_GOOGLE_CLIENT_ID (managed via Docker secrets)
- AUTH_GOOGLE_CLIENT_SECRET (managed via Docker secrets)
-
CRYPTO_: Cryptographic settings
- CRYPTO_KEY (managed via Docker secrets)
- CRYPTO_SALT_BYTES
- CRYPTO_ITERATIONS
- CRYPTO_KEY_LENGTH
- CRYPTO_ALGORITHM
- Use descriptive names that clearly indicate purpose
- Group related variables with consistent prefixes
- Use boolean flags with IS_ or HAS_ prefix (e.g., IS_PRODUCTION, HAS_FEATURE_X)
- Sensitive values should be managed through Docker secrets
- Default values should be provided in .env.example
- Environment-specific values go in .env.development or .env.production
- Use .env files for environment variables
- Use config.ini for application configuration
- Use docker-compose.yaml for Docker configuration
- Keep secrets in the secrets/ directory
- Use consistent indentation (2 spaces) in all configuration files
- Never commit sensitive data to version control
- Document all configuration options
- Validate environment variables at startup
- Use strong typing for configuration objects
- Centralize configuration management
- Follow the principle of least privilege
- Use meaningful default values
- Keep configuration DRY (Don't Repeat Yourself)