I currently have my api keys and list id sitting in my app.js file. I am trying to add those API keys to another file and hide the file using .gitignore. But how do I do that and even if I hide the file in the new secret file how do I get those keys back in my original app.js file
What you should do is use an Environment File.
Environment files start with .env and allow you to save things that are specific to your working environment (such as sensitive keys).
If you are using nodejs, you can easily import the data from a .env file using require('dotenv').config().
These files are also ignored by the default .gitignore configuration.
Firstly install a library called dotenv
npm i dotenv --save
Create a file called .env and place your API KEY in it and create .gitignore file place your .env in it
Example
Inside .env :
API_KEY= YOUR_APIKEY without quotation
Inside .gitignore:
.env
To use your API KEY inside app.js
Inside app.js:
require('dotenv').config()
let API_KEY = process.env.API_KEY;
Using .env file
Install the dotenv npm package
npm install dotenv --save
Create a .env file at the root of your project and store your SECRET_KEY like shown below.
SECRET_KEY="YOURSECRETKEYGOESHERE"
To get the value from the key use the following code
require('dotenv').config()
console.log(process.env)
For more information do check the link.
Using .gitignore file
.gitignore file is used to add those files which you don't want to commit to your git repository. In this case, you can create a file called.gitignore and in that file add the file names which should not be committed.
.gitignore
.DS_Store
secrets.txt
.env
#This is comments(# used for comments)
*.txt #this means all files with .txt extention will be ignored
To get the prebuild template for .gitignore files for nodeJs or any kind of project do check the repository down below.
https://github.com/github/gitignore
Related
This is my file directory structure
project
client
server (has the .env file with credentials)
How can I hide credentials in the .env file when I push to github? I know that you have to use .gitignore but how would that work since my .env is not in the root directory?
UPDATE
I tried doing what the response said but the .env file still did not disappear in my repo.
Here is what the .gitignore file reads:
.env
.idea
**/node_modules
data
yarn.lock
You can just add .env to .gitignore, then git add .gitignore followed by git commit. This will ignore .env in all subdirectories from future git operations, so the .env file will not be pushed at all to GitHub.
The .gitignore file specifies patterns of a file or directory name, not the explicit path relative to the location of .gitignore in the directory tree. This means that you don't need to specify project/client/.env etc separately.
So, just add this to your .gitignore:
.env
If you already accidentally pushed your .env file and it contained sensitive credentials, revoke those credentials immediately and treat them as if bots have already scraped them, and follow the instructions here: Removing sensitive data from a repository
As a side-note, if your application requires environmental variables to work, it's customary to document them in your README. I also often see a file named like .env.sample or something similar, which is a boilerplate for each developer's own .env file. This file usually just contains the keys without the values, so other developers know which variables they need to set up.
I am new to typescript and i built this simple mailer application, but the problem is that TypeScript is unable to read the file, when i put it in the src folder it was not copied in dist on build, when i put it outside the src folder and put the manual require just to test IDE did not showed me option for env
and here is my directory tree
what causes that? i dont have a clue.
I don't think node (or typescript) knows how to import a .env file natively.
You probably want to install and configure the dotenv npm package
Then you just add this line to the file that boots your server:
require('dotenv').config()
And now your env vars are accessible at:
process.ENV.MY_VAR_HERE
Here's a decent article on environment variables and how a .env file works with them.
I'm developing a bundle of a composer packages plus a npm package. This bundle is very specific, it's targeting only Laravel apps.
I'd like to access .env file from npm package, but I'm not able to find a way to detect where my app's .env file is located.
I repeat: I am able to read it using
require().config(..file path...)
but I am here to ask :
how to find a way to detect the path of .env file of the laravel app which required my node package?
I have no malicious intent, simply I'd like to import automatically the DB connection configuration.
On the PHP side you can detect the location of the env file by calling
App::environmentFilePath()
I'm not able to get my project .npmrc file to recognize any of the environment variables set at three different scopes (project, user, global).
The only way I'm able to install a private module is by hardcoding the api key into the .npmrc file, which is obviously unacceptable since .npmrc is watched by git.
I've tried creating environment variables as the npm-config docs suggest, i.e.:
in a project .env file, where both a .npmrc file and a .env file are siblings of package.json, i.e.: fontawesome_pro_token=ABC123
in a user config file, i.e.: $ npm set fontawesome_pro_token ABC123
in a global config file, i.e.: $ npm set fontawesome_pro_token ABC123 --global
When I reference the env variable in the project .npmrc file, i.e.:
#fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${fontawesome_pro_token}
I get this error:
Error: Failed to replace env in config: ${fontawesome_pro_token}
When I remove the curly braces around the variable name (as this stack overflow answer suggests), I get the following error:
npm ERR! 401 Unauthorized
Any advice on how to config npm to read env variables?
Incidentally -- if deploying private modules to Netlify, Netlify expects the .npmrc file to use the curly braces for env var syntax, see this gist. I can confirm that using the curly brace syntax in a git watched npmrc file, along with setting a build env var in the netlify project admin dashboard, indeed works.
Use your env vars without curly braces like:
$fontawesome_pro_token
Change your casing to UPPERCASE when refer to your .env file or handle environment variables
#fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${FONTAWESOME_PRO_TOKEN}
When I try to upload my Node.js project on Elastic Beanstalk I obtain the following error:
Failed to find package.json. Node.js may have issues starting. Verify package.json is valid or place code in a file named server.js or app.js.
However, I have the package.json in the main directory.
A couple of people were zipping the parent folder incorrectly. You need to select all the contents of the folder and zip those.
https://forums.aws.amazon.com/message.jspa?messageID=477087
https://forums.aws.amazon.com/thread.jspa?threadID=130140&tstart=0
While uploading the .zip file (Nodejs application) we need to select all the files in the folder, then zip it as shown in below screenshot.
Then upload the Nodejs(zip file) project in AWS Elastic Beanstalck.
I had the same issue running a zip of node js boilerplate. It worked when I removed .git and .idea directories and n.gitignore file from the zip.
You need to zip the build directory, to do so inside that directory you can zip -r upload.zip . (do not forget the dot at the end for current directory).
So in that directory you need to have your index.js or server.js as EB looks for how to run the app in the directory only and will not look into folders src, dist etc.
This can be the packaging issue. You will need to go inside the project and compress altogether as provided in the screenshot:
If you use eb cli, make sure you have git committed all the changes.
If you do zip and upload, make sure you don't zip the parent folder but selecting all files and zip.
In my case i have found a wrong copy of the folder .elasticbeanstalk with inside another config.yml
example
root_project_folder
.elasticbeanstalk/
config.yml
public/
.elasticbeanstalk/
config.yml
and when I started the "eb deploy" command it failed because use the wrong public/ folder as a ROOT
removing the public/.elasticbeanstalk/ have resolved my issue
Ciao