Using .env to isolate sensitive information
In a project built on Spring Boot we deal with a large number of sensitive settings and environment-specific parameters: database, Redis, OSS, third-party login and so on. Hardcoding these values directly in application.yml causes many problems, whereas managing them as environment variables in a .env file makes development, collaboration and deployment more consistent and more secure.
Modify the yml file
Replace the sensitive values with placeholders, for example:
server:
  port: ${SERVER_PORT:8080}
spring:
  mvc:
    pathmatch:
      matching-strategy: ant_path_matcher
  application:
    name: BlogApplication
  # MySQL
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://${MYSQL_HOST:localhost}:${MYSQL_PORT:3306}/${MYSQL_DB:blog}?serverTimezone=Asia/Shanghai&allowMultiQueries=true&rewriteBatchedStatements=true
    username: ${MYSQL_USER:root}
    password: ${MYSQL_PASSWORD:}
    druid:
      initial-size: 10
      min-idle: 10
      max-active: 150
      max-wait: 60000
      time-between-eviction-runs-millis: 60000
      min-evictable-idle-time-millis: 600000
      max-evictable-idle-time-millis: 900000
      validation-query: SELECT 1 FROM DUAL
      validation-query-timeout: 500
      test-while-idle: true
      test-on-borrow: false
      test-on-return: false
  # Upload size limits
  servlet:
    multipart:
      max-request-size: 100MB
      max-file-size: 100MB
  # Redis
  redis:
    host: ${REDIS_HOST:localhost}
    port: ${REDIS_PORT:6379}
    password: ${REDIS_PASSWORD:}
    timeout: 10s
    lettuce:
      pool:
        max-active: 150
        max-wait: 5000ms
        max-idle: 100
        min-idle: 50
  # Mail
  mail:
    host: ${MAIL_HOST:smtp.qq.com}
    username: ${MAIL_USERNAME:}
    password: ${MAIL_PASSWORD:}
    properties:
      mail:
        smtp:
          auth: true
          starttls:
            enable: true
          ssl:
            enable: true
  # rabbitmq:
  #   host: ${RABBITMQ_HOST:localhost}
  #   port: ${RABBITMQ_PORT:5672}
  #   username: ${RABBITMQ_USER:guest}
  #   password: ${RABBITMQ_PASSWORD:guest}
# Blog URL
blog:
  url: ${BLOG_URL:http://localhost:1314/}
# Thread pool
thread:
  pool:
    core-pool-size: 5
    max-pool-size: 10
    queue-capacity: 50
    keep-alive-seconds: 60
# Search mode: elasticsearch or mysql
search:
  mode: ${SEARCH_MODE:mysql}
# Upload strategy: local, oss or cos
upload:
  strategy: ${UPLOAD_STRATEGY:oss}
  local:
    url: ${UPLOAD_LOCAL_URL:https://static.ttkwsd.top/}
    path: ${UPLOAD_LOCAL_PATH:/usr/local/upload/}
  oss:
    url: ${OSS_URL:}
    endpoint: ${OSS_ENDPOINT:}
    bucketName: ${OSS_BUCKET:}
    accessKeyId: ${OSS_ACCESS_KEY_ID:}
    accesskeySecret: ${OSS_ACCESS_KEY_SECRET:}
# MyBatis-Plus
mybatis-plus:
  mapper-locations: classpath:mapper/*.xml
  type-aliases-package: com.ican.entity
  configuration:
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
    map-underscore-to-camel-case: true
  global-config:
    db-config:
      table-prefix: t_
# Elasticsearch
elasticsearch:
  enabled: ${ES_ENABLED:false}
  username: ${ES_USERNAME:elastic}
  password: ${ES_PASSWORD:}
  hostname: ${ES_HOST:localhost}
  port: ${ES_PORT:9200}
  connectTimeout: 3000
  socketTimeout: 30000
  connectionRequestTimeout: 1000
# Sa-Token
sa-token:
  token-name: Authorization
  token-prefix: Bearer
  timeout: -1
  active-timeout: -1
  auto-renew: false
  is-concurrent: true
  token-style: uuid
  is-share: false
  max-login-count: 20
  is-read-cookie: false
  is-read-body: false
  is-read-header: true
  is-log: false
# Third-party login
oauth:
  gitee:
    client-id: ${OAUTH_GITEE_CLIENT_ID:}
    client-secret: ${OAUTH_GITEE_CLIENT_SECRET:}
    grant_type: authorization_code
    redirect-uri: ${OAUTH_GITEE_REDIRECT:https://your-domain.com/oauth/login/gitee}
    access-token-url: https://gitee.com/oauth/token
    user-info-url: https://gitee.com/api/v5/user?access_token={access_token}
  github:
    client-id: ${OAUTH_GITHUB_CLIENT_ID:}
    client-secret: ${OAUTH_GITHUB_CLIENT_SECRET:}
    redirect-url: ${OAUTH_GITHUB_REDIRECT:https://your-domain.com/oauth/login/github}
    access-token-url: https://github.com/login/oauth/access_token
    user-info-url: https://api.github.com/user
  qq:
    app-id: ${OAUTH_QQ_APP_ID:}
    app-key: ${OAUTH_QQ_APP_KEY:}
    grant_type: authorization_code
    redirect-url: ${OAUTH_QQ_REDIRECT:https://your-domain.com/oauth/login/qq}
    access-token-url: https://graph.qq.com/oauth2.0/token
    user-openid-url: https://graph.qq.com/oauth2.0/me
    user-info-url: https://graph.qq.com/user/get_user_info
# AI chat
ai:
  deepseek:
    api-key: ${AI_API_KEY:}
    api-url: ${AI_API_URL:https://api.deepseek.com/chat/completions}
    model: ${AI_MODEL:deepseek-chat}
    system-prompt: ${AI_SYSTEM_PROMPT:你是一个博客智能助手,帮助用户解答技术问题。请用简洁、专业的中文回答,支持 Markdown 格式。如果问题与编程、技术无关,也可以友好地回答。}
# Bilibili image upload
bili-url: https://api.bilibili.com/x/dynamic/feed/draw/upload_bfs
This isolates the sensitive information from the yml file.
Write the sensitive information to a separate file
Create a .env file in the project root directory with the following format and initialize your variables:
# ============================================================
# Local development environment variable template
# Copy it to .env and fill in the real values: cp .env.example .env
# spring-dotenv loads the .env file automatically
# ============================================================
# -------- MySQL --------
MYSQL_HOST=localhost
MYSQL_PORT=3306
MYSQL_DB=blog
MYSQL_USER=root
MYSQL_PASSWORD=your_password
# -------- Redis --------
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
# -------- Mail --------
MAIL_HOST=smtp.qq.com
MAIL_USERNAME=your_email@qq.com
MAIL_PASSWORD=your_smtp_auth_code
# -------- Blog URL --------
BLOG_URL=http://localhost:1314/
# -------- Search mode (mysql / elasticsearch) --------
SEARCH_MODE=mysql
# -------- File upload (local / oss / cos) --------
UPLOAD_STRATEGY=oss
OSS_URL=https://your-bucket.oss-cn-beijing.aliyuncs.com/
OSS_ENDPOINT=oss-cn-beijing.aliyuncs.com
OSS_BUCKET=your-bucket
OSS_ACCESS_KEY_ID=your_key
OSS_ACCESS_KEY_SECRET=your_secret
# -------- Elasticsearch --------
ES_ENABLED=false
# -------- Third-party login (optional) --------
OAUTH_GITEE_CLIENT_ID=
OAUTH_GITEE_CLIENT_SECRET=
OAUTH_GITHUB_CLIENT_ID=
OAUTH_GITHUB_CLIENT_SECRET=
OAUTH_QQ_APP_ID=
OAUTH_QQ_APP_KEY=
# -------- AI (optional) --------
AI_API_KEY=
AI_API_URL=https://api.deepseek.com/chat/completions
AI_MODEL=deepseek-chat
Use this file when running the project.
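A small pre-commit style check for the two files above, added here as an example (not code from the original post or from the blog project): it reports secret-looking keys still hardcoded in the YAML, placeholders whose default is empty and are therefore unset unless .env supplies them, and .env entries left at template values such as your_password. The sample YAML and .env strings are constructed stand-ins for application.yml and .env.

```python
import re
# ${NAME} or ${NAME:default}; the default may itself contain ':' (jdbc URLs do).
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\}")
# Keys that usually carry credentials (case-insensitive): password, secret, *key*.
SECRET_KEY = re.compile(r"^\s*[\w.-]*(?:password|secret|key)[\w.-]*\s*:\s*(\S.*)$", re.I)
TEMPLATE_MARKERS = ("your_", "changeme")

# Constructed sample files standing in for the project's application.yml and .env.
SAMPLE_YML = """\
spring:
  datasource:
    url: jdbc:mysql://${MYSQL_HOST:localhost}:${MYSQL_PORT:3306}/${MYSQL_DB:blog}
    password: ${MYSQL_PASSWORD:}
  redis:
    password: ${REDIS_PASSWORD:}
  mail:
    password: hunter2-left-in-git
oss:
  accessKeyId: ${OSS_ACCESS_KEY_ID:}
  accesskeySecret: ${OSS_ACCESS_KEY_SECRET:}
"""
SAMPLE_ENV = """\
MYSQL_HOST=localhost
MYSQL_PASSWORD=your_password
REDIS_PASSWORD=
OSS_ACCESS_KEY_ID="LTAI-constructed"
"""

def hardcoded_secrets(yml: str) -> list[str]:
    """YAML lines whose secret-looking key holds a literal instead of a ${...} placeholder."""
    return [m.group(0).strip() for m in map(SECRET_KEY.match, yml.splitlines())
            if m and not m.group(1).startswith("${")]

def required_secrets(yml: str) -> set[str]:
    """Placeholders with an empty default: there is no fallback, so .env must supply them."""
    return {name for name, default in PLACEHOLDER.findall(yml) if default == ""}

def parse_env(text: str) -> dict[str, str]:
    """KEY=VALUE lines; skips blanks and '#' comments, strips surrounding quotes."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, v in pairs}

def audit(yml: str, env_text: str) -> dict[str, list[str]]:
    """One report a pre-commit hook or CI step can fail on before the YAML is pushed."""
    env = parse_env(env_text)
    templated = [k for k, v in env.items() if any(m in v.lower() for m in TEMPLATE_MARKERS)]
    return {"hardcoded": hardcoded_secrets(yml),
            "missing": sorted(v for v in required_secrets(yml) if not env.get(v)),
            "templated": sorted(templated)}
```

Run `audit(open("application.yml").read(), open(".env").read())` against the real files; a non-empty "hardcoded" list means a credential would be committed with the yml.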
Using .env when starting the project
- Open Edit Configurations..
- Open Modify options
- Tick the checkbox
- Select the file
This way the .env file is used directly, and the yml can be committed to the repository with peace of mind.