Validate environment configuration files across local, staging, and production environments. Ensure required secrets, database URLs, API keys, and public variables are properly scoped and set. Use this skill when setting up environments, validating configuration, checking for missing secrets, auditing environment variables, ensuring proper scoping of public vs private vars, or troubleshooting environment issues. Trigger terms include env, environment variables, secrets, configuration, .env file, environment validation, missing variables, config check, NEXT_PUBLIC, env vars, database URL, API keys.
View on GitHubhopeoverture/worldbuilding-app-skills
env-config-validator
plugins/env-config-validator/skills/env-config-validator/SKILL.md
January 21, 2026
Select agents to install to:
npx add-skill https://github.com/hopeoverture/worldbuilding-app-skills/blob/main/plugins/env-config-validator/skills/env-config-validator/SKILL.md -a claude-code --skill env-config-validatorInstallation paths:
.claude/skills/env-config-validator/# Environment Configuration Validator Validate `.env` files across local, staging, and production environments. Ensure all required secrets, database URLs, API keys, and public variables are properly scoped, set, and secure. ## Core Capabilities ### 1. Validate Environment Files To validate environment configuration: - Parse `.env`, `.env.local`, `.env.production`, etc. - Check for required variables - Verify variable naming conventions - Detect security issues (exposed secrets, weak values) - Use `scripts/validate_env.py` for automated validation ### 2. Check Variable Scoping Ensure proper scoping of environment variables: - **Public variables** (`NEXT_PUBLIC_*`): Accessible in browser - **Private variables**: Server-side only - **Database credentials**: Never exposed to client - **API keys**: Properly scoped based on usage ### 3. Cross-Environment Validation Compare configurations across environments: - Identify missing variables in staging/production - Check for environment-specific overrides - Ensure consistency in variable names - Validate environment-specific values (URLs, keys) ### 4. Security Auditing Detect security vulnerabilities in environment configuration: - Exposed secrets in public variables - Weak or default values - Hardcoded credentials in code - Missing required security variables (JWT secrets, encryption keys) ## Validation Rules ### Required Variables Ensure these categories of variables are present: 1. **Database Connection** - `DATABASE_URL` or equivalent - Connection pool settings (optional) 2. **Authentication** - `JWT_SECRET` or `AUTH_SECRET` - OAuth credentials (if using OAuth) - Session secrets 3. **External APIs** - Third-party API keys - Service endpoints - Rate limiting tokens 4. **Application Config** - `NODE_ENV` - `NEXT_PUBLIC_APP_URL` or `APP_URL` - Feature flags (optional) 5. **Email/Notifications** (if used) - SMTP credentials - Email service API keys ### Naming Conve