docs: add environment variables in configure your server (#1743)

docs/content/usage/configurations.md

@@ -111,6 +111,14 @@ module.exports = {
 
 Where `database_type` is `postgres` and `DATABASE_URL` is the URL connection string to your PostgreSQL database. You can check out how to format it in [PostgreSQL’s documentation](https://www.postgresql.org/docs/current/libpq-connect.html).
 
+It is recommended to set the Database URL as an environment variable:
+
+```bash
+DATABASE_URL=<YOUR_DATABASE_URL>
+```
+
+Where `<YOUR_DATABASE_URL>` is the URL of your PostgreSQL database.
+
 ### Common Configuration
 
 As Medusa internally uses [Typeorm](https://typeorm.io/) to connect to the database, the following configurations are also available:
@@ -145,13 +153,21 @@ module.exports = {
 
 Where `REDIS_URL` is the URL used to connect to Redis. The format of the connection string is `redis[s]://[[username][:password]@][host][:port][/db-number]`.
 
+If you omit this configuration, events will not be emitted and subscribers will not work.
+
 :::tip
 
 By default, the Redis connection string should be `redis://localhost:6379` unless you made any changes to the default configurations during the installation.
 
 :::
 
-If you omit this configuration, events will not be emitted and subscribers will not work.
+It is recommended to set the Redis URL as an environment variable:
+
+```bash
+REDIS_URL=<YOUR_REDIS_URL>
+```
+
+Where `<YOUR_REDIS_URL>` is the URL of your Redis server.
 
 :::info
 
@@ -174,6 +190,14 @@ module.exports = {
 
 Where `jwt_secret` is the secret used to create the tokens. The more secure it is the better.
 
+It is recommended to set the JWT Secret as an environment variable:
+
+```bash
+JWT_SECRET=<YOUR_JWT_SECRETL>
+```
+
+Where `<YOUR_JWT_SECRETL>` is the JWT secret you want to use.
+
 :::caution
 
 In a development environment, if this option is not set the default secret is “supersecret”. However, in production, if this option is not set an error will be thrown and your server will crash.
@@ -195,6 +219,14 @@ module.exports = {
 
 Where `cookie_secret` is the secret used to create the tokens. The more secure it is the better.
 
+It is recommended to set the Cookie secret as an environment variable:
+
+```bash
+COOKIE_SECRET=<YOUR_COOKIE_SECRETL>
+```
+
+Where `<YOUR_COOKIE_SECRETL>` is the Cookie secret you want to use.
+
 :::caution
 
 In a development environment, if this option is not set the default secret is “supersecret”. However, in production, if this option is not set an error will be thrown and your server will crash.
@@ -216,6 +248,14 @@ module.exports = {
 
 Where `ADMIN_CORS` is the URL of your admin dashboard. By default, it’s `http://localhost:7000,http://localhost:7001`.
 
+It is recommended to set the Admin CORS as an environment variable:
+
+```bash
+ADMIN_CORS=<YOUR_ADMIN_CORS>
+```
+
+Where `<YOUR_ADMIN_CORS>` is the URL of your admin dashboard.
+
 ## Storefront CORS
 
 Medusa uses CORS to only allow specific origins to access the server. To make sure your Storefront dashboard can access the Medusa server, set this configuration:
@@ -231,6 +271,14 @@ module.exports = {
 
 Where `STORE_CORS` is the URL of your storefront. By default, it’s `http://localhost:8000`.
 
+It is recommended to set the Storefront CORS as an environment variable:
+
+```bash
+STORE_CORS=<YOUR_STORE_CORS>
+```
+
+Where `<YOUR_STORE_CORS>` is the URL of your storefront.
+
 ## Plugins
 
 On your Medusa server, you can use Plugins to add custom features or integrate third-party services. For example, installing a plugin to use Stripe as a payment provider.
@@ -279,6 +327,12 @@ const plugins = [
 ];
 ```
 
+:::tip
+
+It is recommended to use environment variables to store values of options instead of hardcoding them in `medusa-config.js`.
+
+:::
+
 ## What’s Next 🚀
 
 - Check out our [Next.js](../starters/nextjs-medusa-starter.md) and [Gatsby](../starters/gatsby-medusa-starter.md) starter storefronts.