DEV Community

Margaret W.N
Margaret W.N

Posted on

Handling token secrets

How do i safely store a token secret?

Most of the resource i've come across talk of adding it to a .env file. However, there is a whole other bunch of resources that discredit the use of an .env file to store token secrets.

Since i'm simply learning i'll use .env before I find a better alternative for that. I previouly had my token secret stored in a config.js file which doesn't exactly make it a secret. I'll save that to a .env file and try and use it.

SECRET=ed5a2131834e4e0dd1fb7b9d1d0a1db71802a13a02011b19a98152b7988ad9215613c064a0ded303c39ab328b6181494
Enter fullscreen mode Exit fullscreen mode

I'll npm install dotenv, include it in the user controller.js file and save the token secret to a variable. Then replace the config.secret with the varibale name.

require('dotenv').config();
const secret = process.env.SECRET

 const token = jwt.sign({ id: user._id }, secret, {
        expiresIn: 86400 
      });
Enter fullscreen mode Exit fullscreen mode

I suppose its safe now, for as long as it's in development.

Day 33

Top comments (0)