Use case doubt #843
leonandroid started this conversation in General
Replies: 0 comments
OK, I'm not understanding the point of dotenv very well. The idea of "removing the secrets from your code" actually sounds like env is "putting the secrets in another place", but the other place is just as insecure as leaving them in the code.
So I need to clarify before fully diving into this: is the .env file a real file that needs to be on all my target servers? Take this scenario as an example and tell me if it suits. Btw, this scenario is a REAL-LIFE and extremely common professional application, with huge features, environments, security layers, etc., top of the top.
You have a module federation Angular page; it runs perfectly, but now it needs to connect to the backend. In debug mode (localhost) it is all OK: you have an environment.ts file and it is working, pointing to the backend over here: "http://localhost:1234"
Now the time comes to publish your changes. You have 1 build pipeline that will generate 1 single artifact of your app... furthermore, this CI will generate a Docker file, so this image should be able to be placed on ANY server with the exact same version.
You start with your QA environment; you deploy the image in QA, so now... the Cloud Run / App Service has an environment variable there that contains the backend URL... let's say "qapi.mysite.com", and you expect this image to connect to the backend properly.
You now deploy the same image to STG so UAT can be performed. In this environment the server is configured with the environment variable "sapi.mysite.com", so you expect this image to connect to the backend properly, but using the S API.
Now this image has 100% quality and UAT is completed; the image is flawless, so you are ready to deploy the same image in the PROD environment, where the environment variable will point to "api.mysite.com".
This is the real-life scenario of a real professional application.
I want to understand the following:
Do I need to create an .env file for each environment, and does it need to be placed on the destination server? (If that's the case... then it is not really an environment variable, it's an environment FILE; furthermore, it won't work with Docker, or with a CD that has the option "Clean Destination Folder" on every deploy.)
Does it really read from the environment variables configured on the server? If that's the case, can I test and confirm it by creating an environment variable (NOT A FILE) on my PC, and demonstrate that I can read its value?
In the backend (C#), this is very simple: you just add the environment variable and do something like "Environment.GetEnvironmentVariable(variableName, target)", so it assures me of a real usage of environment variables. I'm trying to confirm if dotenv does exactly the same.
Lastly, I've been checking several posts that say that it is impossible for Angular to read environment variables at run time, it can only do it at build time, so that's why I'm so skeptical about this library being able to really use environment variables, and not files for each environment.
Regards
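The test proposed in the post (set a real environment variable, no file, and read it back) can be run for a Node.js process with the added example below. It is not part of the original post and is not dotenv's own code: it is a minimal stand-in loader that reproduces dotenv's default precedence, where a variable already set in the process environment is left untouched and the .env file only fills in keys that are missing. `BACKEND_URL` is a hypothetical variable name and the plain objects stand in for `process.env`; the hostnames are the ones from the scenario above.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Parse KEY=VALUE lines; skip blanks and # comments; strip one pair of quotes.
function parseEnvText(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue; // no key before '=' (or no '=' at all)
    let val = line.slice(eq + 1).trim();
    const quoted = val.match(/^(['"])(.*)\1$/);
    if (quoted) val = quoted[2];
    out[line.slice(0, eq).trim()] = val;
  }
  return out;
}

// Copy file values into `env` only where the key is not already set.
// A missing file is not an error: that is the container case, where the
// platform injects real variables and no .env file ships in the image.
function loadEnvFile(file, env) {
  let text = '';
  try {
    text = fs.readFileSync(file, 'utf8');
  } catch (e) {
    if (e.code !== 'ENOENT') throw e;
  }
  const applied = [];
  for (const [key, val] of Object.entries(parseEnvText(text))) {
    if (Object.prototype.hasOwnProperty.call(env, key)) continue; // real variable wins
    env[key] = val;
    applied.push(key);
  }
  return applied;
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'envdemo-'));
  const file = path.join(dir, '.env'); // constructed sample file
  fs.writeFileSync(file, '# local development only\nBACKEND_URL="http://localhost:1234"\n');
  const laptop = {}; // nothing set: the file supplies the value
  loadEnvFile(file, laptop);
  const qa = { BACKEND_URL: 'qapi.mysite.com' }; // set by the platform: file ignored
  loadEnvFile(file, qa);
  const prod = { BACKEND_URL: 'api.mysite.com' }; // no .env file present at all
  loadEnvFile(path.join(dir, 'missing.env'), prod);
  fs.rmSync(dir, { recursive: true, force: true });
  return { laptop: laptop.BACKEND_URL, qa: qa.BACKEND_URL, prod: prod.BACKEND_URL };
}

console.log(demo());
```

In a real service the second argument would be `process.env`, and the .env file would stay out of both the repository and the image so that only the deployment platform holds the per-environment values.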