diff --git a/javascript/angular-todo-davinci/.env.example b/javascript/angular-todo-davinci/.env.example
index a452b93f..c6c687c3 100644
--- a/javascript/angular-todo-davinci/.env.example
+++ b/javascript/angular-todo-davinci/.env.example
@@ -1,6 +1,6 @@
-API_URL=$API_URL
-DEVELOPMENT=$DEVELOPMENT
-PORT=$PORT
-WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
+API_URL=
+DEVELOPMENT=
+PORT=
+WEB_OAUTH_CLIENT=
 SCOPE="openid profile email phone revoke"
-WELLKNOWN_URL=$WELLKNOWN_URL
\ No newline at end of file
+WELLKNOWN_URL=
diff --git a/javascript/angular-todo/.env.example b/javascript/angular-todo/.env.example
index e3756f0f..9fe86779 100644
--- a/javascript/angular-todo/.env.example
+++ b/javascript/angular-todo/.env.example
@@ -1,13 +1,13 @@
-# APP_URL=$APP_URL # not using this for preview-environment instead, we can use window.location.origin
-SERVER_URL=$SERVER_URL
-API_URL=$API_URL
+# APP_URL= # not using this for preview-environment instead, we can use window.location.origin
+SERVER_URL=
+API_URL=
 DEBUGGER_OFF=true
-DEVELOPMENT=$DEVELOPMENT
-JOURNEY_LOGIN=$JOURNEY_LOGIN
-JOURNEY_REGISTER=$JOURNEY_REGISTER
-PORT=$PORT
-REALM_PATH=$REALM_PATH
-REST_OAUTH_CLIENT=$REST_OAUTH_CLIENT
-REST_OAUTH_SECRET=$REST_OAUTH_SECRET
-WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
-CENTRALIZED_LOGIN=$CENTRALIZED_LOGIN
+DEVELOPMENT=
+JOURNEY_LOGIN=
+JOURNEY_REGISTER=
+PORT=
+REALM_PATH=
+REST_OAUTH_CLIENT=
+REST_OAUTH_SECRET=
+WEB_OAUTH_CLIENT=
+CENTRALIZED_LOGIN=
diff --git a/javascript/central-login-oidc/.env.example b/javascript/central-login-oidc/.env.example
index 0673f1d4..a8bb89b9 100644
--- a/javascript/central-login-oidc/.env.example
+++ b/javascript/central-login-oidc/.env.example
@@ -1,6 +1,7 @@
-SCOPE=$SCOPE // For using "PINGONE" as the server type, the `revoke` scope must be set as well.
-TIMEOUT=$TIMEOUT
-WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
-NX_NO_CLOUD=true
-WELL_KNOWN=$WELL_KNOWN
-SERVER_TYPE=$SERVER_TYPE // SET THIS TO "PINGONE" for use with PingOne or PingFed backend products or to "AIC" for Ping Advanced Identity Cloud or AM.
\ No newline at end of file
+# For using "PINGONE" as the server type, the `revoke` scope must be set as well.
+SCOPE=
+TIMEOUT=
+WEB_OAUTH_CLIENT=
+WELL_KNOWN=
+# SET THIS TO "PINGONE" for use with PingOne or PingFed backend products or to "AIC" for Ping Advanced Identity Cloud or AM.
+SERVER_TYPE=
diff --git a/javascript/embedded-login-davinci/.env.example b/javascript/embedded-login-davinci/.env.example
index 852750c8..150b26f7 100644
--- a/javascript/embedded-login-davinci/.env.example
+++ b/javascript/embedded-login-davinci/.env.example
@@ -1,4 +1,4 @@
-VITE_SCOPE=$SCOPE
-VITE_WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
-VITE_WELLKNOWN_URL=$WELLKNOWN_URL
+VITE_SCOPE=
+VITE_WEB_OAUTH_CLIENT=
+VITE_WELLKNOWN_URL=
 
diff --git a/javascript/embedded-login/.env.example b/javascript/embedded-login/.env.example
index 833b8268..b385ecdd 100644
--- a/javascript/embedded-login/.env.example
+++ b/javascript/embedded-login/.env.example
@@ -1,6 +1,6 @@
-SERVER_URL=$SERVER_URL
-REALM_PATH=$REALM_PATH
-SCOPE=$SCOPE
-TIMEOUT=$TIMEOUT
-TREE=$TREE  # Remove the TREE variable to use the default tree/journey
-WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
+SERVER_URL=
+REALM_PATH=
+SCOPE=
+TIMEOUT=
+TREE=
+WEB_OAUTH_CLIENT=
diff --git a/javascript/reactjs-todo-davinci/.env.example b/javascript/reactjs-todo-davinci/.env.example
index 0dee1a13..35caf190 100644
--- a/javascript/reactjs-todo-davinci/.env.example
+++ b/javascript/reactjs-todo-davinci/.env.example
@@ -1,11 +1,13 @@
-API_URL=$API_URL
+API_URL=
 DEBUGGER_OFF=true
-DEVELOPMENT=$DEVELOPMENT
-PORT=$PORT
-WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
+DEVELOPMENT=
+PORT=
+WEB_OAUTH_CLIENT=
 SCOPE="openid profile email phone name revoke"
-WELLKNOWN_URL=$WELLKNOWN_URL
-INIT_PROTECT=$INIT_PROTECT  # bootstrap | flow
-                            # 'bootstrap' will initialize protect at app bootstrap time
-                            # 'flow' relies on the PingOne Protect collector for initialization
-PINGONE_ENV_ID=$PINGONE_ENV_ID  # required when ProtectCollector is present
\ No newline at end of file
+WELLKNOWN_URL=
+# bootstrap | flow
+# 'bootstrap' will initialize protect at app bootstrap time
+# 'flow' relies on the PingOne Protect collector for initialization
+INIT_PROTECT=
+# required when ProtectCollector is present
+PINGONE_ENV_ID=
diff --git a/javascript/reactjs-todo/.env.example b/javascript/reactjs-todo/.env.example
index df2306a8..04562038 100644
--- a/javascript/reactjs-todo/.env.example
+++ b/javascript/reactjs-todo/.env.example
@@ -1,20 +1,22 @@
-# APP_URL=$APP_URL # not using this for preview-environment instead, we can use window.location.origin
-SERVER_URL=$SERVER_URL
-SCOPE=$SCOPE
-API_URL=$API_URL
+# APP_URL= # not using this for preview-environment instead, we can use window.location.origin
+SERVER_URL=
+SCOPE=
+API_URL=
 DEBUGGER_OFF=true
-DEVELOPMENT=$DEVELOPMENT
-JOURNEY_LOGIN=$JOURNEY_LOGIN
-JOURNEY_REGISTER=$JOURNEY_REGISTER
-PORT=$PORT
-REALM_PATH=$REALM_PATH
-REST_OAUTH_CLIENT=$REST_OAUTH_CLIENT
-REST_OAUTH_SECRET=$REST_OAUTH_SECRET
-WEB_OAUTH_CLIENT=$WEB_OAUTH_CLIENT
-CENTRALIZED_LOGIN=$CENTRALIZED_LOGIN
-SERVER_TYPE=$SERVER_TYPE
-WELLKNOWN_URL=$WELLKNOWN_URL
-INIT_PROTECT=$INIT_PROTECT  # bootstrap | journey
-                            # 'bootstrap' will initialize protect at app bootstrap time
-                            # 'journey' relies on the PingOneProtectInitialize callback for initialization
-PINGONE_ENV_ID=$PINGONE_ENV_ID  # required when PingOne Protect callbacks are present
\ No newline at end of file
+DEVELOPMENT=
+JOURNEY_LOGIN=
+JOURNEY_REGISTER=
+PORT=
+REALM_PATH=
+REST_OAUTH_CLIENT=
+REST_OAUTH_SECRET=
+WEB_OAUTH_CLIENT=
+CENTRALIZED_LOGIN=
+SERVER_TYPE=
+WELLKNOWN_URL=
+# bootstrap | journey
+# 'bootstrap' will initialize protect at app bootstrap time
+# 'journey' relies on the PingOneProtectInitialize callback for initialization
+INIT_PROTECT=
+# required when PingOne Protect callbacks are present
+PINGONE_ENV_ID=
diff --git a/javascript/todo-api/.env.example b/javascript/todo-api/.env.example
index b92979e7..45f43130 100644
--- a/javascript/todo-api/.env.example
+++ b/javascript/todo-api/.env.example
@@ -1,6 +1,11 @@
-SERVER_TYPE=$SERVER_TYPE # 'AIC' or 'PINGONE'
-SERVER_URL=$SERVER_URL # AM URL for AIC or PingOne base URL with env ID for PingOne
-PORT=$PORT
-REALM_PATH=$REALM_PATH # 'alpha' or 'beta' for AIC server type. Not used for PingOne.
-REST_OAUTH_CLIENT=$REST_OAUTH_CLIENT # Confidential client ID for AIC or WebApp public client ID for PingOne
-REST_OAUTH_SECRET=$REST_OAUTH_SECRET # Confidential client secret for AIC. Not used for PingOne.
+# 'AIC' or 'PINGONE'
+SERVER_TYPE=
+# AM URL for AIC or PingOne base URL with env ID for PingOne
+SERVER_URL=
+PORT=
+# 'alpha' or 'beta' for AIC server type. Not used for PingOne.
+REALM_PATH=
+# Confidential client ID for AIC or WebApp public client ID for PingOne
+REST_OAUTH_CLIENT=
+# Confidential client secret for AIC. Not used for PingOne.
+REST_OAUTH_SECRET=