[patched] - .env.local.production

NEXT_PUBLIC_API_URL=https://api.example.com SECRET_API_KEY=your_secret_key_here

You might wonder why you wouldn't just use .env.production . The answer lies in the distinction between and sensitive secrets . 1. Security and Secrets .env.local.production

To understand why this specific file exists, it helps to look at the naming convention used by frameworks (most notably Next.js): NEXT_PUBLIC_API_URL=https://api

You must manually handle the loading order. .env.local.production

If you are deploying your app to a VPS (like DigitalOcean or Linode) manually, you might not want to hardcode your production database password into .env.production (which is usually tracked in Git). Instead, you create a .env.local.production file directly on the server. The app will prioritize it, keeping your secrets out of the codebase. 3. Avoiding Git Conflicts