DEV Community

Discussion on: 🤫How to handle 🗝️ secrets 🗝️ in Node.js (Video Tutorial)

Ryan Cole

You know dotenv is the most common secrets management tool, but it's not exactly best practice tbh.

A better strategy is to read in secrets from a yaml or json file which gets added to the system at build-time with a ci pipeline.

Ideally you would be able to select the file to load via cli flags when starting your app. Basing all your config off of the current environment is problematic for many reasons. It makes things able to work on staging but not on prod, and makes your config all or nothing. What if you want to run with some services on and some off?

Dotenv is ok for small apps but anything bigger will need a better solution.

Raymond Chang

Hello, Ryan. Can you tell more about "read in secrets from a yaml or json file which gets added to the system at build-time with a ci pipeline"? Is there a tool to do that or some articles on how to do that? I'm pretty new to nodejs and would appreciate your help.

Ryan Cole

Hi Raymond! Ya totally. You know I think I'll write it up into a longer form article. Been wanting to do that for a while anyways :) I'll ping you when I get it published.

Ryan Cole

Ok here it is! dev.to/genster/config-like-a-pro-4j3i

I'll write up a second post to get into the details of how we manage secrets in the pipeline. This first post is about loading and accessing values in the app itself. Hope it's helpful!