How to copy environment variables without mistakes

The expensive errors are subtle: a trailing space inside quotes, a \\r from Windows line endings, or copying KEY=value when the tool wanted only value. This guide is boring on purpose.

---

1. Copy value only when the consumer expects it

Some UIs want:

export STRIPE_SECRET_KEY=sk_test_abc

Others want just sk_test_abc in a web form. Read the field label before copying.

---

2. Watch trailing newlines and spaces

# Accidental trailing space after value
export FOO="bar "

Symptom: auth works in one tool, fails in another (hash mismatch). Fix: paste into a scratch buffer, trim, re-copy.

---

3. Windows line endings (CRLF)

If a .env came from a Windows editor:

printf '%q\n' "$VAR"   # bash: shows hidden chars awkwardly; od -c is clearer
od -c .env | head

Convert: dos2unix .env (if installed) or re-save as LF in your editor.

---

4. Avoid double-wrapping quotes

Wrong:

export API_KEY='"abc123"'   # value includes literal quotes

Right:

export API_KEY='abc123'

For complex values, prefer heredoc files with chmod 600 — short-lived.

---

5. Clipboard managers

Risk: history retains secrets. Mitigate: exclude password fields / clear history after incidents — clipboard hygiene.

Universal Clipboard: can sync to other devices — auto-lock.

---

6. Verify before destructive operations

# Show length only — not the secret
test -n "$DATABASE_URL" && echo "DATABASE_URL length: ${#DATABASE_URL}"

---

7. Vault-first workflow

Copy from PassStore directly into the target field when possible — fewer intermediate buffers than “open .env in editor, select, copy.”

---

Related

• Where to store .env securely
• Prevent API keys leaking in frontend apps
• Pillar: Environment variable manager