.gitignore

@@ -40,3 +40,5 @@ yarn-error.log*
 *.tsbuildinfo
 next-env.d.ts
 certificate (5).zip
+.env.dev
+.env.prod

ENV_FILES.md

@@ -0,0 +1,51 @@
+# Environment Files Setup
+
+## Overview
+Environment variables are stored securely in `/etc/frontend/` and accessed via symlinks in this directory.
+
+## File Structure
+```
+/etc/frontend/
+├── dev.env   (systemd environment for dev)
+└── prod.env  (systemd environment for prod)
+
+/home/sonder/ld-sysinfo-react-frontend/
+├── .env.dev  -> /etc/frontend/dev.env  (symlink)
+└── .env.prod -> /etc/frontend/prod.env (symlink)
+```
+
+## Editing Environment Variables
+
+You can edit these files directly from VSCode:
+- `.env.dev` - Development environment (port 3002)
+- `.env.prod` - Production environment (port 3001)
+
+**Note:** You need to be in the `frontend-devs` group to edit these files. Both `sonder` and `deploy` users are members.
+
+## After Editing
+
+After making changes to environment files, restart the relevant service:
+
+```bash
+# For development
+sudo systemctl restart frontend@dev
+
+# For production
+sudo systemctl restart frontend@prod
+```
+
+## Environment Variables
+
+Both files contain:
+- `PORT` - Server port (3002 for dev, 3001 for prod)
+- `API_BASE_URL` - Server-side API endpoint
+- `NEXT_PUBLIC_API_BASE_URL` - Client-side API endpoint
+- `DB_HOST`, `DB_USER`, `DB_PASSWORD`, `DB_NAME` - Database credentials
+- `NVD_API_KEY` - API key for CVE data
+
+## Security Notes
+
+- Files are stored in `/etc/frontend/` with `660` permissions (owner: root, group: frontend-devs)
+- Only root and members of `frontend-devs` group can read/write
+- Files are **not** committed to git (listed in `.gitignore`)
+- Symlinks are safe to commit as they don't contain sensitive data