
🤫How to handle 🗝️ secrets 🗝️ in Node.js (Video Tutorial)


Please drop me a line in the comments if you're interested in more video tutorials like this one!



DISCUSS (5)
 

You know dotenv is the most common secrets management tool, but it's not exactly best practice tbh.

A better strategy is to read in secrets from a yaml or json file which gets added to the system at build-time with a ci pipeline.

Ideally you would be able to select the file to load via cli flags when starting your app. Basing all your config off of the current environment is problematic for many reasons. It makes things able to work on staging but not on prod, and makes your config all or nothing. What if you want to run with some services on and some off?

Dotenv is ok for small apps but anything bigger will need a better solution.
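
One way to do what the comment above describes, as an added example that is not code from this thread or from the linked post: a Node.js loader that takes the secrets file from a command-line flag, refuses files readable by group or others, and fails fast on missing keys. The `--config` flag, the function names and the key names are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hypothetical flag name; the comment only says "cli flags".
function configPathFromArgv(argv) {
  const i = argv.indexOf('--config');
  if (i === -1 || !argv[i + 1]) throw new Error('usage: node app.js --config <file.json>');
  return argv[i + 1];
}

// Load a JSON secrets file, enforcing owner-only permissions and required keys.
function loadSecrets(file, requiredKeys) {
  const mode = fs.statSync(file).mode & 0o777;
  // POSIX only: on Windows the mode bits do not reflect ACLs, so the check is skipped.
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error(`${file} has mode ${mode.toString(8)}; expected 600 or stricter`);
  }
  const parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
  const missing = requiredKeys.filter((k) => typeof parsed[k] !== 'string' || parsed[k] === '');
  if (missing.length) throw new Error(`missing secrets: ${missing.join(', ')}`);
  return Object.freeze(parsed);
}

// Log-safe view of the config: key names only, never values.
function redact(secrets) {
  return Object.fromEntries(Object.keys(secrets).map((k) => [k, '[redacted]']));
}

// Constructed demo: write a sample file the way a CI step might, then load it.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'secrets-'));
  const file = path.join(dir, 'staging.json');
  const sample = { DB_PASSWORD: 'constructed-value', API_KEY: 'constructed-key' };
  fs.writeFileSync(file, JSON.stringify(sample), { mode: 0o600 });
  const argv = ['node', 'app.js', '--config', file];
  const secrets = loadSecrets(configPathFromArgv(argv), ['DB_PASSWORD', 'API_KEY']);
  fs.chmodSync(file, 0o644); // simulate a deployment that left the file world-readable
  let rejected = false;
  try { loadSecrets(file, ['DB_PASSWORD']); } catch { rejected = true; }
  fs.rmSync(dir, { recursive: true });
  return { view: redact(secrets), rejected };
}

console.log(demo());
```

Selecting the file by flag lets staging and production run the same build with different secrets files, and the permission check catches a file that the pipeline dropped with a default umask.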

 

Hello, Ryan. Can you tell more about "read in secrets from a yaml or json file which gets added to the system at build-time with a ci pipeline"? Is there a tool to do that or some articles on how to do that? I'm pretty new to nodejs and would appreciate your help.

 

Ok here it is! dev.to/genster/config-like-a-pro-4j3i

I'll write up a second post to get into the details of how we manage secrets in the pipeline. This first post is about loading and accessing values in the app itself. Hope it's helpful!

 

Hi Raymond! Ya totally. You know I think I'll write it up into a longer form article. Been wanting to do that for a while anyways :) I'll ping you when I get it published.

 

Keep in mind that React apps are entirely run on the client-side, so even with env variables, the key will essentially be embedded into the code when compiled, and users will be able to view the key if they start digging around in the browser's dev tools. So this is a good way to keep the key out of a git repository, but this method doesn't keep it secret in a production environment.

Benjamin Mock
I'm Ben, a Frontend Developer from Germany working at ebay
