A setting kept outside your code — like an API key or database URL — so secrets aren't hard-coded and can differ between your laptop and production. Stored in a .env file locally.