How do I safely store a token secret?
Most of the resources I've come across talk of adding it to a .env file. However, there is a whole other bunch of resources that discredit the use of a .env file to store token secrets.
Since I'm simply learning, I'll use .env before I find a better alternative for that. I previously had my token secret stored in a config.js file, which doesn't exactly make it a secret. I'll save that to a .env file and try and use it.
SECRET=ed5a2131834e4e0dd1fb7b9d1d0a1db71802a13a02011b19a98152b7988ad9215613c064a0ded303c39ab328b6181494
I'll npm install dotenv, include it in the user controller.js file and save the token secret to a variable. Then replace the config.secret with the variable name.
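const jwt = require('jsonwebtoken');
require('dotenv').config(); // loads variables from .env into process.env
// Token secret now comes from the environment instead of config.js
const secret = process.env.SECRET;
// `user` is the user document from the surrounding controller code
const token = jwt.sign({ id: user._id }, secret, {
  expiresIn: 86400 // 24 hours, in seconds
});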
I suppose it's safe now, for as long as it's in development.
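An added example, not code from the original post: a startup check that refuses a missing or weak SECRET, plus a demonstration that rotating the secret invalidates tokens signed with the old one. The function names and the 32-byte minimum are assumptions, and the small HS256 helpers stand in for jsonwebtoken only so the block runs with Node built-ins.

```javascript
const crypto = require('crypto');

const MIN_SECRET_BYTES = 32; // assumed floor: 256 bits for an HS256 key

// 48 random bytes -> 96 hex characters, suitable as the SECRET= line in .env.
function generateSecret(bytes = 48) {
  return crypto.randomBytes(bytes).toString('hex');
}

// Read SECRET from an env-like object; fail closed instead of signing with a weak key.
function loadTokenSecret(env = process.env) {
  const secret = env.SECRET;
  if (typeof secret !== 'string' || secret.trim() === '') {
    throw new Error('SECRET is not set; refusing to sign tokens');
  }
  if (Buffer.byteLength(secret, 'utf8') < MIN_SECRET_BYTES) {
    throw new Error(`SECRET must be at least ${MIN_SECRET_BYTES} bytes`);
  }
  if (new Set(secret).size < 8) {
    throw new Error('SECRET looks like a placeholder');
  }
  return secret;
}

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Minimal HS256 signing, only to show what the secret protects.
function signHs256(payload, secret) {
  const data = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}`;
  const sig = crypto.createHmac('sha256', secret).update(data).digest('base64url');
  return `${data}.${sig}`;
}

// Signature check only (no exp or alg handling); constant-time comparison.
function verifyHs256(token, secret) {
  const [header, body, sig] = String(token).split('.');
  if (!header || !body || !sig) return false;
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed demo: a token signed under the old secret fails after rotation.
const oldSecret = loadTokenSecret({ SECRET: generateSecret() });
const newSecret = loadTokenSecret({ SECRET: generateSecret() });
const token = signHs256({ id: 'user-123' }, oldSecret);
console.log(verifyHs256(token, oldSecret), verifyHs256(token, newSecret));
```

In the controller above, `loadTokenSecret()` would replace the bare `process.env.SECRET` read, so a missing .env stops the app at startup rather than at the first login.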
Day 33