What does the dotenv File Line regex match?

Matches a .env file variable line with optional export prefix, quoted or unquoted values, and inline comments.

Is the dotenv File Line regex ReDoS-safe?

Yes. Manually audited and tested against ReDoS attack strings. Anchors and possessive-style constraints prevent runaway backtracking paths.

How do I use this regex in python?

import re pattern = re.compile(r'^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]{0,254})\s*=\s*(?:"([^"]*)"|'([^']*)'|([^#\n]*?))?\s*(?:#.*)?$') is_valid = bool(pattern.match(input_str))

Dev & Systems/Environment

Verified Safe

dotenv File Line Regex for Python

/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]{0,254})\s*=\s*(?:"([^"]*)"|'([^']*)'|([^#\n]*?))?\s*(?:#.*)?$/

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching dotenv file line, ported and verified for Python. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your Python project — whether you're validating in a Django view, a FastAPI endpoint, or a standalone data processing script.

Python Implementation

Python

# dotenv File Line
# ReDoS-safe | RegexVault — Dev & Systems > Environment

import re

dotenv_file_line_pattern = re.compile(r'^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]{0,254})\s*=\s*(?:"([^"]*)"|'([^']*)'|([^#\n]*?))?\s*(?:#.*)?$')

def validate_dotenv_file_line(value: str) -> bool:
    return bool(dotenv_file_line_pattern.fullmatch(value))

# Example
print(validate_dotenv_file_line("NODE_ENV=production"))  # True

Test Cases

Matches (Valid)	Rejects (Invalid)
`NODE_ENV=production`	`=value`
`PORT=3000 # comment`	`1VAR=value`
`DB_URL="postgres://user:pass@db:5432/app"`	`# this is a comment`
`export SECRET='my-secret'`	`VAR NAME=value`
`EMPTY=`	—

When to use this pattern

This pattern is drawn from the Dev & Systems > Environment category and carries a ReDoS-safe certification. That matters for Python developers because particularly important in Python web servers where CPU-bound regex operations can stall concurrent request handling. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Multi-line values in double quotes are valid in some .env parsers but not others. Never commit .env files containing secrets to version control.

Technical Notes

Groups: 1=key, 2=double-quoted value, 3=single-quoted value, 4=unquoted value. Comment lines starting with # fail this pattern — skip them explicitly. Use a dedicated .env parser for production.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern