This question already has answers here:
How can I securely store the IP address, username and password of a database using Node.js?
(2 answers)
Which is the best way to store sensitive credentials in Node.js?
(2 answers)
Closed 9 months ago.
I have used express-generator to create a skeleton website and a template to work on. I do not know where to store sensitive information such as Data_config key, JWT secret, Connection URI, etc. Is there a workaround?
This is my current file tree. ./bin/www has the main server.js
I have previously used the dotenv package, but this is the first time I am using express-generator. I tried the same procedure by adding a .env file, and requiring dotenv by require('dotenv').config(), but it gives me an error.
A good practice regarding environment variables is storing them in an environment (.env) file, which in Node.js you can access using the dotenv npm package.
This allows to avoid pushing sensitive data to versioning systems like Git or SVN and adds flexibility to use several instances of an application, which can represent ease of deployment and configuration for development pipelines.
dotenv in npm: https://www.npmjs.com/package/dotenv
You can include sensitive information at startup using environment variables. Start your application with the command below (or edit your startup script if you have one):
JWT_SECRET=secret node index.js
The JWT_SECRET variable can now be accessed in your application using the following code:
const JWT_SECRET = process.env['JWT_SECRET']
This will allow you to include your sensitive data in a startup script rather than being hard coded in the application. You can include multiple variables on startup as well. For example:
JWT_SECRET=secret CONNECTION_URI=http://localhost node index.js
Related
I have a Node server and multiple controllers that perform DB operations and helpers (For e-mail, for example) within that directory.
I'd like to use source from that directory within my functions. Assuming the following directory structure:
src/
server/
/app/controllers/email_helper.js
fns/
send-confirm/
What's the best way to use email_helper within the send-confirm function?
I've tried:
Symbolically linking the 'server' directory
Adding a local repo to send-confirm/package.json
Neither of the above work.
In principle, your Cloud Functions can use any other Node.js module, the same way any standard Node.js server would. However, since Cloud Functions needs to build your module in the cloud, it needs to be able to locate those dependency modules from the cloud. This is where the issue lies.
Cloud Functions can load modules from any one of these places:
Any public npm repository.
Any web-visible URL.
Anywhere in the functions/ directory that firebase init generates for you, and which gets uploaded on firebase deploy.
In your case, from the perspective of functions/package.json, the ../server/ directory doesn't fall under any of those categories, and so Cloud Functions can't use your module. Unfortunately, firebase deploy doesn't follow symlinks, which is why that solution doesn't work.
I see two possible immediate fixes:
Move your server/ directory to be under functions/. I realize this isn't the prettiest directory layout, but it's the easiest fix while hacking. In functions/package.json you can then have a local dependency on ./server.
Expose your code behind a URL somewhere. For example, you could package up a .tar and put that on Google Drive, or on Firebase Cloud Storage. Alternatively, you can use a public git repository.
In the future, I'd love it if firebase deploy followed symlinks. I've filed a feature request for that in Firebase's internal bug tracker.
I am working on React Serverless App using AWS I want to access Node JS specific package into React js what are possible alternatives to access node js package without using Node JS on the backend
font-list is a Node.js package for listing the fonts available on your system.
I want to access this package on the frontend side.
Need Help!!
To answer the broader question, a package meant for node will more than likely work only in the node eco system.
In the case of font-list, it looks like it's running a vbs script to get available fonts (in the case of windows). Running external scripts like that, or accessing local file systems is not something you can do in a browser environment due do security constraints.
So to get a list of fonts in a browser will require a its own solution. You cannot just use a Node.js package, even though it's all still js.
I am new to React and was learning how to hide API keys gotten from GitHub API and from other APIs. I found out that it is possible to hide keys in .env files and get access to those keys by using REACT_APP and ensure that .env file is added into .gitignore file in order not to be submitted to a server. `The question is Is it considered best practice the way of hiding keys I described above. Secondly, is .env file added to a server even if we add .env file into .gitignore file.
If you are going to be passing the contents of the environment data file to React, which is client-side code, then it isn't likely to be very useful for keeping things secret.
Mostly this will be useful for keeping your various environments separate (e.g. so you don't accidentally use the URL for your test API server in the production deployment of your app).
If you were using this for server-side code, then it would be useful to keep your secrets secret and not publishing them in a git repository (that you might want to allow other people access to).
Whether or not the environment data file would be deployed to your server would depend on your deployment process. If your deployment process consisted of nothing more than checking out your git repository to the live server, then no, it wouldn't be deployed.
I'm using ExpressJS to connect the dots between NodeJS and my Angular app. I wanted to install this npm package norobot: to leverage the process object.
I'd like to know where/how to set the NODE_ENV in an App Service within Microsoft Azure.
I was pointed here,
https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#howtochangeconfig
But the current-day Azure portal looks significantly different versus what the documentation has supplied, leading me to a big disconnect.
If you could point me in the right direction, that'd be appreciated.
Additional FYI,
At run-time, my stack is running on Node.js 9.4.
I wanted to install this npm package norobot: to leverage the process object.
norobot package has absolutely nothing to do with process.
But the current-day Azure portal looks significantly different versus what the documentation has supplied, leading me to a big disconnect.
Looks really shouldn't matter (to an extent), they serve as a visual guide.
The key section of the guide/docs you posted is App Settings:
This section contains name/value pairs that your web app will load on start up.
PHP, Python, Java and Node applications can access these settings as environment variables at runtime. For each app setting, two environment variables are created; one with the name specified by the app setting entry, and another with a prefix of APPSETTING_. Both contain the same value.
So following a similar answer: https://stackoverflow.com/a/34622196/2382650
set: NODE_ENV: some_value as shown above and it will be availble in your Express app as process.env.NODE_ENV
Hello stakOverFlowers :D
I have a simple NodeJS WebApp that use Lerna to manage the project. So i have a package directory that contains n different projects each ones using different tasks runner tools.
I always use Maven Build Profile in java environment but for this NodeJS project maven will not be used.
So the question is...
Is there a way to reproduce the Maven Build Profile concept without using MVN?
In a nutshell i need to use a build profile in nodejs, without using MVN, to customize build for different environments such as Production v/s Development environments.
There's a way to do that?
thanks to all
you can do it by storing your configurations in a JSON file as key value pairs in the same way as you do in properties file in Java.
Then by someway or other invoke properties from the environment specific configuration file such as production.json or stage.json or qa.json.
One of the easy ways to do this is using this module named config
Using this you can pass NODE_ENV=production(or dev or qa whatever) and access relevant configurations. This will help you achieve environment profiling.
You can also store configurations in a JS file but I personally prefer a JSON file for storing configurations.
But if you're wondering for dependencies management that is done by package.json file which is somewhat similar to your pom.xml file.
For more details about it you might want to read this official documentation for it.
My solution, following the TGW advice, works!!
Just install the config module, and create a directory that containing .json files.
$ npm install config
$ mkdir config
$ vi config/default.json
Than if u are on a windows machine, choose your NODE_ENV using NODE_ENV=production and than execute your web app.
In your .js file put informations like yours dbConnection host and password.... and to retrieve it use:
var config = require('config');
var dbConfig = config.get('JsonItem.dbConfig');
..more details on https://github.com/lorenwest/node-config