[TIPS] shopify.app.toml might be better to be gitignored and used for local development only

**From the perspective of .env **, it might be better to shopify.app.toml be used for local development only.


Remix app has a useful solution that .env is loaded automatically to override environment variables in local development.

on the other hand, shopify app deploy (without -c option) load .env by default.

This means…, there’s a possibility that you deploy extension which includes local environment variable to production unintentionally in the following situation.

  • use .env to override environment variables for local remix app
  • have extensions that use process.env.XXX which is defined in .env
  • deploy extensions to production using shopify app deploy in local machine

In this condition, production deploy command (shopify app deploy) running in local machine injects .env variables and deploys to production.

my solution

I use .env if I need and I make shopify.app.toml be gitignored for local development not to be used for production.

I also put a shopify.app.production.toml to link production shopify app setting and define environment variables in deploy server like github action then run deploy command for production like this.

$ shopify app deploy -c production 

This solution prevents from leaking .env in production extensions.