Add functionality to avoid support for .env files

[Juansecu]

Is there an existing issue that is already proposing this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe it

.env files are really good for development purposes, but for production purposes, they could mean a security issue, because, if an attacker gains access to application's files, they will be able to get sensitive data for the functionality of any application using @nestjs/config module.

Said this, the support for .env files should be configurable.

Describe the solution you'd like

Add a property in the module options for avoiding to load .env files, so environment variables are only retrieved from the Operating System.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

The motivation of adding this feature is improving the security of Nest.js applications in production environments.

[micalevisk]

what's wrong with ignoreEnvFile flag? as mentioned in the docs https://docs.nestjs.com/techniques/configuration#disable-env-variables-loading

[Juansecu]

@micalevisk Oh, didn't know that property existed 😅. Sorry, my bad!

By the way, I will have to test it out before closing this issue, if you don't mind.