I usually use a .env.example file which contains all non-secret variables filled and all secret variables defined with no value.
The secrets are stored in the secret store of GitHub/GitLab (depending on what I’m using). During deploy the .env.example file is copied to .env and all the secret variables are written into the file (which itself is in .gitignore to avoid accidentally committing the local version on my machine).