Add .env.example templates + update sample READMEs to use safe secret setup #406

@goolig

Title

Add .env.example templates + update sample READMEs to use safe secret setup

Summary

Several samples in this repo instruct users to create a .env file containing API keys (e.g., GEMINI_API_KEY) but the repo does not provide any .env.example / template files. This encourages insecure “copy/paste” workflows and increases the risk of accidentally committing real secrets.

Problem

Today, multiple sample READMEs tell developers to do things like:

  • echo "GEMINI_API_KEY=..." > .env
  • export GEMINI_API_KEY=... and/or append to .env

…but there is no corresponding template file (.env.example, .env.local.example, etc.) that:

  • documents required env vars,
  • distinguishes placeholders vs real secrets,
  • standardizes setup with cp .env.example .env.

This is especially risky in a reference repo because users tend to treat it as “best practice”.

Why this matters (security + developer experience)

  • Reduces accidental secret leakage (commits, screenshots, copy/paste into tickets)
  • Sets a strong precedent for credential hygiene in sample code
  • Makes onboarding faster and more consistent

Proposed change

  1. Add .env.example (or .env.local.example where appropriate) to each sample that requires secrets.

    • Include placeholders + brief comments.
    • Example:

        # Copy to .env and fill values
        GEMINI_API_KEY=your_gemini_api_key_here

        # Optional:
        # GOOGLE_MAPS_API_KEY=your_google_maps_api_key_here

  2. Update sample READMEs to use the standard pattern:

        cp .env.example .env
        # edit .env (do not commit)

  3. Ensure .env files are ignored repo-wide:

    • Add to root .gitignore if missing:

      • .env
      • .env.* (optional, depending on conventions)
      • !.env.example (ensure templates are kept)

Acceptance criteria

  • Every sample that needs an API key has a matching .env.example (or .env.local.example) committed
  • All READMEs stop recommending echo "...=REAL_KEY" > .env and instead recommend copying from the template
  • .env is ignored by git while templates remain tracked
  • Quickstart instructions remain copy/paste friendly

Suggested locations (examples)

  • samples/agent/... (ADK sample(s) that require GEMINI_API_KEY)
  • samples/client/... (Angular / other client samples)
  • Any other sample folders referencing *_API_KEY, api_key, GEMINI_API_KEY, etc.

This is standard practice in more mature projects—for example, Vercel’s official Next.js + Supabase example ships a .env.local.example template, and projects like Supabase and n8n include .env.example files as the default onboarding flow for secrets.
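
A check for the acceptance criteria above, added here as an example and not part of the original issue or the repository's own tooling: it flags samples whose README references an *_API_KEY variable but has no template, still writes the key with echo ... > .env, or ships a template value that is not a placeholder. The README.md file name, the placeholder convention (your_..._here or <...>) and the sample tree built in demo() are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

TEMPLATES = (".env.example", ".env.local.example")       # template names from the issue
KEY_REF = re.compile(r"\b[A-Z][A-Z0-9_]*_API_KEY\b")      # env vars a README mentions
ENTRY = re.compile(r"^\s*#?\s*([A-Z][A-Z0-9_]*)=(.*)$")   # NAME=value, optionally commented out
ECHO_TO_ENV = re.compile(r"echo\s+.*>>?\s*\.env\b")       # the README pattern the issue wants gone
PLACEHOLDER = re.compile(r"^(your_\w+_here|<[^>]*>)?$")   # assumed placeholder convention

def audit_sample(sample: Path) -> list[str]:
    """Return findings for one sample directory; an empty list means it passes."""
    readme = sample / "README.md"                         # assumed README file name
    text = readme.read_text() if readme.exists() else ""
    needed = set(KEY_REF.findall(text))
    if not needed:
        return []                                         # sample needs no secrets
    findings = []
    if ECHO_TO_ENV.search(text):
        findings.append(f"{sample.name}: README writes a key into .env with echo")
    template = next((sample / t for t in TEMPLATES if (sample / t).exists()), None)
    if template is None:
        return findings + [f"{sample.name}: no .env.example for {sorted(needed)}"]
    declared = {}
    for line in template.read_text().splitlines():
        if m := ENTRY.match(line):
            declared[m.group(1)] = m.group(2).strip().strip("\"'")
    for name in sorted(needed - set(declared)):
        findings.append(f"{sample.name}: {name} missing from {template.name}")
    for name, value in sorted(declared.items()):
        if not PLACEHOLDER.match(value):                  # a real-looking value in a tracked file
            findings.append(f"{sample.name}: {name} in {template.name} is not a placeholder")
    return findings

def demo() -> list[str]:
    """Audit a constructed three-sample tree (not the real repository)."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "good/README.md": "Set GEMINI_API_KEY:\n  cp .env.example .env\n",
            "good/.env.example": "# Copy to .env and fill values\nGEMINI_API_KEY=your_gemini_api_key_here\n",
            "bare/README.md": 'echo "GEMINI_API_KEY=..." > .env\n',
            "leaky/README.md": "Needs GEMINI_API_KEY. cp .env.example .env\n",
            "leaky/.env.example": "GEMINI_API_KEY=CONSTRUCTED-not-a-real-key-0123\n",
        }
        for rel, body in files.items():
            (path := Path(tmp, rel)).parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return [f for d in sorted(Path(tmp).iterdir()) for f in audit_sample(d)]
```

Calling demo() returns the findings for the constructed tree; for a real run, call audit_sample on each sample directory and fail CI when any list is non-empty.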
