You create a config file named `.env.example`, which is tracked and committed, that contains the environment variables with default/placeholder values.
The first time you deploy something, you copy `.env.example` to `.env`. Then you change the values of the environment variables in `.env` with production values.
As you develop the project, you'll remove and most likely add environment variables as you extract hard coded things from code into the config file. You'll commit these changes to `.env.example` and then to `.env`