DEV Community

Environment variables in Node.js. The Right way!

Vikas Raj on July 13, 2019

This is my first blog post. Hope y'all like it 🤞. Environment variables are very fundamental part of developing with Node.js or any server side la...
Collapse
 
thesuhu profile image
The Suhu

why your script start prodouction did not load dotenv?

Collapse
 
numtostr profile image
Vikas Raj

dotenv is a dev dependency. In production, keys are stored on the server which can be accessed by node without using dotenv

Collapse
 
thesuhu profile image
The Suhu

can you give me little example how storing keys on production? thank you

Thread Thread
 
numtostr profile image
Vikas Raj

For example, heroku has a option in app settings to enter environment variable.

Thread Thread
 
thesuhu profile image
The Suhu

yes, in heroku there is an option to store that. but how if we use own server?

Thread Thread
 
numtostr profile image
Vikas Raj • Edited

Like this

// keys.js ======
module.exports = {
    PORT: process.env.PORT,
    WHO_AM_I: process.env.WHO_AM_I,
};
Thread Thread
 
thesuhu profile image
The Suhu

ok, thank you.

Thread Thread
 
yogendra3236 profile image
Yogendra

But, still we're using 'process.env', which uses to 'dotenv' package in production?

Thread Thread
 
thesuhu profile image
The Suhu

In production I didn't use .env, I store all credentials on host environment or if I use docker, I store it in docker secrets.

Thread Thread
 
yogendra3236 profile image
Yogendra

Cool, thanks!

Collapse
 
safinghoghabori profile image
Safin Ghoghabori

Yes thats right that we store keys on server.
But what about the dotenv package we imported into file and written as process.end.VAR_NAME ? Wont it require to use dotenv package?

Collapse
 
chrissyast profile image
chrissyast

My script is currently

"serve": "vue-cli-service serve"

I tried adding "node -r dotenv/config vue-cli-service serve"

I ran that but then it failed to compile

internal/modules/cjs/loader.js:796
    throw err;
    ^

Error: Cannot find module './front/vue-cli-service'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:793:17)
    at Function.Module._load (internal/modules/cjs/loader.js:686:27)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1043:10)
    at internal/main/run_main_module.js:17:11 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! front@0.1.0 serve: `node -r dotenv/config vue-cli-service serve`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the front@0.1.0 serve script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

Collapse
 
johnchristopher profile image
johnchristopher

Another option is to use command line arguments like node app.js --option argument which prevents any keys to ever be committed or written to a file since they are only made available at run-time.

It also plays nice with docker since one can just write any secrets into a docker .env file that feeds ENV variables either to a container or an image.

Collapse
 
espinella8 profile image
espinella8

If I used the same server for development and production, I'd have to not install dotenv as a dev dependency and not use server variables, just 2 different .env files, one for each prod/dev application folder.

Collapse
 
ovidiu141 profile image
Ovidiu Miu • Edited

Ok, but how to manage the .env files? Where to keep them? How to share them? For example how do I share a .env.development file with another developer since the file is not in the source control?

Collapse
 
numtostr profile image
Vikas Raj

You can include .env.development in the source control. But make sure It doesn't contain any actual keys. Because thats the whole point of secret.

The way I do is I make a .env.sample file with all the env but without any secret or api keys.

Collapse
 
mi1682516 profile image
mi1682516

What do you mean when you say it doesn't contain actual keys? How did the other developer run test like i did on my local when it doesn't contain actual keys?

Collapse
 
bfunc profile image
Pavel Litkin

Thanks, very useful

Collapse
 
chan_austria777 profile image
chan 🤖

great approach. How do i add a npm script for another environment (i.e, staging environment)?