diff --git a/.env.example b/.env.example
new file mode 100644
index 000000000000..cd1561027686
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,7 @@
+# These env vars are only necessary for creating Electron releases.
+# See docs/development/releasing.md
+
+APPVEYOR_TOKEN=
+CIRCLE_TOKEN=
+ELECTRON_GITHUB_TOKEN=
+VSTS_TOKEN=
\ No newline at end of file
diff --git a/docs/development/releasing.md b/docs/development/releasing.md
index 7145b98224bd..85a5fa0a9352 100644
--- a/docs/development/releasing.md
+++ b/docs/development/releasing.md
@@ -8,11 +8,10 @@ upload an Electron release. Contact a team member for more
 information.
 
 There are a handful of `*_TOKEN` environment variables needed by the release
-scripts. Once you've generated these per-user tokens, you may want to keep
-them in a local file that you can `source` when starting a release.
+scripts:
+
 * `ELECTRON_GITHUB_TOKEN`:
-Create as described at https://github.com/settings/tokens/new,
-giving the token repo access scope.
+Create this by visiting https://github.com/settings/tokens/new?scopes=repo
 * `APPVEYOR_TOKEN`:
 Create a token from https://windows-ci.electronjs.org/api-token
 If you don't have an account, ask a team member to add you.
@@ -26,6 +25,11 @@ with the scope of `Build (read and execute)`.
 * `ELECTRON_S3_SECRET_KEY`:
 If you don't have these, ask a team member to help you.
 
+Once you've generated these tokens, put them in a `.env` file in the root directory
+of the project. This file is gitignored, and will be loaded into the 
+environment by the release scripts.
+
+
 ## Determine which branch to release from
 
 - **If releasing beta,** run the scripts below from `master`.
diff --git a/script/ci-release-build.js b/script/ci-release-build.js
index 1a15cd55b266..cae9be928c9e 100644
--- a/script/ci-release-build.js
+++ b/script/ci-release-build.js
@@ -1,3 +1,5 @@
+require('dotenv-safe').load()
+
 const assert = require('assert')
 const request = require('request')
 const buildAppVeyorURL = 'https://windows-ci.electronjs.org/api/builds'
@@ -44,7 +46,6 @@ async function makeRequest (requestOptions, parseResponse) {
 }
 
 async function circleCIcall (buildUrl, targetBranch, job, options) {
-  assert(process.env.CIRCLE_TOKEN, 'CIRCLE_TOKEN not found in environment')
   console.log(`Triggering CircleCI to run build job: ${job} on branch: ${targetBranch} with release flag.`)
   let buildRequest = {
     'build_parameters': {
@@ -77,7 +78,6 @@ async function circleCIcall (buildUrl, targetBranch, job, options) {
 }
 
 function buildAppVeyor (targetBranch, options) {
-  assert(process.env.APPVEYOR_TOKEN, 'APPVEYOR_TOKEN not found in environment')
   const validJobs = Object.keys(appVeyorJobs)
   if (options.job) {
     assert(validJobs.includes(options.job), `Unknown AppVeyor CI job name: ${options.job}.  Valid values are: ${validJobs}.`)
@@ -139,7 +139,6 @@ async function buildVSTS (targetBranch, options) {
     assert(vstsJobs.includes(options.job), `Unknown VSTS CI job name: ${options.job}. Valid values are: ${vstsJobs}.`)
   }
   console.log(`Triggering VSTS to run build on branch: ${targetBranch} with release flag.`)
-  assert(process.env.VSTS_TOKEN, 'VSTS_TOKEN not found in environment')
   let environmentVariables = {}
 
   if (!options.ghRelease) {
diff --git a/script/find-release.js b/script/find-release.js
index 3cfd79aae142..3cbec2a02254 100644
--- a/script/find-release.js
+++ b/script/find-release.js
@@ -1,3 +1,5 @@
+require('dotenv-safe').load()
+
 const GitHub = require('github')
 const github = new GitHub()
 
diff --git a/script/prepare-release.js b/script/prepare-release.js
index 8021fa331da3..7322cf17acb4 100755
--- a/script/prepare-release.js
+++ b/script/prepare-release.js
@@ -1,10 +1,10 @@
 #!/usr/bin/env node
 
+require('dotenv-safe').load()
 require('colors')
 const args = require('minimist')(process.argv.slice(2), {
   boolean: ['automaticRelease', 'notesOnly', 'stable']
 })
-const assert = require('assert')
 const ciReleaseBuild = require('./ci-release-build')
 const { execSync } = require('child_process')
 const fail = '\u2717'.red
@@ -19,7 +19,6 @@ const versionType = args._[0]
 // TODO (future) automatically determine version based on conventional commits
 // via conventional-recommended-bump
 
-assert(process.env.ELECTRON_GITHUB_TOKEN, 'ELECTRON_GITHUB_TOKEN not found in environment')
 if (!versionType && !args.notesOnly) {
   console.log(`Usage: prepare-release versionType [major | minor | patch | beta]` +
      ` (--stable) (--notesOnly) (--automaticRelease) (--branch)`)
diff --git a/script/release.js b/script/release.js
index 5858caf215a3..707405f19014 100755
--- a/script/release.js
+++ b/script/release.js
@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 
+require('dotenv-safe').load()
 require('colors')
 const args = require('minimist')(process.argv.slice(2))
-const assert = require('assert')
 const fs = require('fs')
 const { execSync } = require('child_process')
 const GitHub = require('github')
@@ -18,8 +18,6 @@ const temp = require('temp').track()
 const { URL } = require('url')
 let failureCount = 0
 
-assert(process.env.ELECTRON_GITHUB_TOKEN, 'ELECTRON_GITHUB_TOKEN not found in environment')
-
 const github = new GitHub({
   followRedirects: false
 })
diff --git a/script/upload-to-github.js b/script/upload-to-github.js
index 7c3f8d9c11ce..219879fc4f1e 100644
--- a/script/upload-to-github.js
+++ b/script/upload-to-github.js
@@ -1,3 +1,5 @@
+require('dotenv-safe').load()
+
 const GitHub = require('github')
 const github = new GitHub()
 github.authenticate({type: 'token', token: process.env.ELECTRON_GITHUB_TOKEN})