diff --git a/.env b/.env
new file mode 100644
index 0000000000..2d0c0571c2
--- /dev/null
+++ b/.env
@@ -0,0 +1,70 @@
+# Default ENV vars (primarily for the development environment).
+# Create `.env.development.local` or `.env.test.local` to add any local overrides.
+
+# Time zone must match the operating system time zone in order to pass all tests.
+# This string is the key for the MAPPING hash constant in ActiveSupport::TimeZone.
+# Documentation including the hash="https://api.rubyonrails.org/classes/ActiveSupport/TimeZone.html
+TIMEZONE="Melbourne"
+
+# Default country for dropdowns etc. See for codes="http://en.wikipedia.org/wiki/ISO_3166-1
+DEFAULT_COUNTRY_CODE="AU"
+
+# Locale for translation.
+LOCALE="en"
+
+# For multilingual - ENV doesn't have array so pass it as string with commas
+AVAILABLE_LOCALES="en,es"
+
+# Spree zone.
+CHECKOUT_ZONE="Australia"
+
+# Find currency codes at http://en.wikipedia.org/wiki/ISO_4217.
+CURRENCY="AUD"
+
+# The whenever gem can set the `MAILTO` variable for our cron jobs.
+# You can define an email address to notify if any job outputs something.
+# But you need a working mail server setup so that the message is delivered.
+# See: config/schedule.rb
+# SCHEDULE_NOTIFICATIONS="admin@example.com"
+
+# Mail settings
+MAIL_HOST="example.com"
+MAIL_DOMAIN="example.com"
+MAIL_PORT="25"
+SMTP_USERNAME="ofn"
+SMTP_PASSWORD="f00d"
+
+# Optional mail settings
+# MAIL_SECURE_CONNECTION="TLS' # 'None' (default), 'SSL' or 'TLS'
+# MAILS_FROM="hello@example.com"
+# MAIL_BCC="manager@example.com"
+
+# Javascript error reporting via Bugsnag.
+# BUGSNAG_JS_KEY=""
+
+# SingleSignOn login for Discourse
+#
+# DISCOURSE_SSO_SECRET should be a random string. It must be the same as provided to your Discourse instance.
+# DISCOURSE_SSO_SECRET=""
+#
+# DISCOURSE_URL must be the URL of your Discourse instance.
+# DISCOURSE_URL="https://noticeboard.openfoodnetwork.org.au"
+
+# see="https://developers.google.com/maps/documentation/javascript/get-api-key
+# GOOGLE_MAPS_API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+# Stripe Connect details for instance account
+# Find these under 'API keys' and 'Connect' in your Stripe account dashboard -> Account Settings
+# Under 'Connect', the Redirect URI should be set to https://YOUR_SERVER_URL/stripe/callbacks (e.g. https://openfoodnetwork.org.uk/stripe/callbacks)
+# Under 'Webhooks', you should set up a Connect endpoint pointing to https://YOUR_SERVER_URL/stripe/webhooks e.g. (https://openfoodnetwork.org.uk/stripe/webhooks)
+# STRIPE_INSTANCE_SECRET_KEY="sk_test_xxxxxx" # This can be a test key or a live key
+# STRIPE_INSTANCE_PUBLISHABLE_KEY="pk_test_xxxx" # This can be a test key or a live key
+# STRIPE_CLIENT_ID="ca_xxxx" # This can be a development ID or a production ID
+# STRIPE_ENDPOINT_SECRET="whsec_xxxx"
+
+# Feature toggles
+#
+# Adding user emails separated by commas will enable them the use of certain features. See
+# config/initializers/feature_toggles.rb for details.
+#
+# BETA_TESTERS="ofn@example.com,superadmin@example.com"
diff --git a/.env.development b/.env.development
new file mode 100644
index 0000000000..f365aa5e41
--- /dev/null
+++ b/.env.development
@@ -0,0 +1,5 @@
+# ENV vars for the development environment
+# Override locally with `.env.development.local`
+
+SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
diff --git a/.env.test b/.env.test
new file mode 100644
index 0000000000..6c9d71e9cc
--- /dev/null
+++ b/.env.test
@@ -0,0 +1,4 @@
+# ENV vars for the test environment
+# Override locally with `.env.test.local`
+
+SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/.gitignore b/.gitignore
index e1801dbf1d..e7cf0f0bc4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,9 @@
 .rbenv-version
 .python-version
 .byebug_history
+.env.local
+.env.development.local
+.env.test.local
 .swp
 *.swo
 *.swp