This is my file directory structure
project
client
server (has the .env file with credentials)
How can I hide credentials in the .env file when I push to github? I know that you have to use .gitignore but how would that work since my .env is not in the root directory?
UPDATE
I tried doing what the response said but the .env file still did not disappear in my repo.
Here is what the .gitignore file reads:
.env
.idea
**/node_modules
data
yarn.lock
You can just add .env to .gitignore, then git add .gitignore followed by git commit. This will ignore .env in all subdirectories from future git operations, so the .env file will not be pushed at all to GitHub.
The .gitignore file specifies patterns of a file or directory name, not the explicit path relative to the location of .gitignore in the directory tree. This means that you don't need to specify project/client/.env etc separately.
So, just add this to your .gitignore:
.env
If you already accidentally pushed your .env file and it contained sensitive credentials, revoke those credentials immediately and treat them as if bots have already scraped them, and follow the instructions here: Removing sensitive data from a repository
As a side-note, if your application requires environmental variables to work, it's customary to document them in your README. I also often see a file named like .env.sample or something similar, which is a boilerplate for each developer's own .env file. This file usually just contains the keys without the values, so other developers know which variables they need to set up.
Related
I currently have my api keys and list id sitting in my app.js file. I am trying to add those API keys to another file and hide the file using .gitignore. But how do I do that and even if I hide the file in the new secret file how do I get those keys back in my original app.js file
What you should do is use an Environment File.
Environment files start with .env and allow you to save things that are specific to your working environment (such as sensitive keys).
If you are using nodejs, you can easily import the data from a .env file using require('dotenv').config().
These files are also ignored by the default .gitignore configuration.
Firstly install a library called dotenv
npm i dotenv --save
Create a file called .env and place your API KEY in it and create .gitignore file place your .env in it
Example
Inside .env :
API_KEY= YOUR_APIKEY without quotation
Inside .gitignore:
.env
To use your API KEY inside app.js
Inside app.js:
require('dotenv').config()
let API_KEY = process.env.API_KEY;
Using .env file
Install the dotenv npm package
npm install dotenv --save
Create a .env file at the root of your project and store your SECRET_KEY like shown below.
SECRET_KEY="YOURSECRETKEYGOESHERE"
To get the value from the key use the following code
require('dotenv').config()
console.log(process.env)
For more information do check the link.
Using .gitignore file
.gitignore file is used to add those files which you don't want to commit to your git repository. In this case, you can create a file called.gitignore and in that file add the file names which should not be committed.
.gitignore
.DS_Store
secrets.txt
.env
#This is comments(# used for comments)
*.txt #this means all files with .txt extention will be ignored
To get the prebuild template for .gitignore files for nodeJs or any kind of project do check the repository down below.
https://github.com/github/gitignore
I initialized an empty git repository with git init and it's making only a .git folder. It's not making .gitignore itself. When I tried making a .gitignore file and then wrote \node_modules, it is not ignoring the node_modules folder. I am working with Linux OS on the NodeJs application and was pushing the code on GitHub.
It doesn't get generated automatically. You need to first commit it in the repo and use "node_module/" in your .gitignore file.
$ cat .gitignore
node_modules/
Try this as follows.
Do git init
Add .gitignore file
Add file path or folder path you
want to avoid
Commit as Git ignore file added or something.
Push to repository
After then if it's not working,
Clone it to another folder. It will work, sure.
I have a Node.js project and have imported a few Node modules. The git_status command shows the files that I changed in the project. I have also changed some files under the node_modules directory but those are not shown. The node_modules directory is shown as untracked.
Untracked files:
(use "git add <file>..." to include in what will be committed)
node_modules/
src/js/main-release-paths.json
I have changed only one file in node_modules:
node_modules/#oracle/grunt-oraclejet/node_modules/#oracle/oraclejet-tooling/lib/serve/connect.js
How can I track this file?
You shouldn't add the node_modules folder to git then it's managed bei the npm command. So remove that folder and use the npm install command.
When you have added something in that folder it's shown as changed, if you had first added some files. So i hop that folder is in your .gitignore file and ignored. You should check that.
Assuming you have git repo, Please check the .gitignore files inside your project. Entries in .gitignore will be ignored by Git and will not show up when you do git add.
Adding the file to track
This is most likely not a suitable approach (read below). However , if you really want to do it:
In order to track a file nested under node_modules, you should add the directory. All of its content will be staged in git
git add node_modules
Recommended approach
You probably don't want to track the contents of node_modules directory, because:
running npm install will wipe your changes
hundreds or thousand files are likely to end up present in that directory
tracking package.json and package-lock.json in git is sufficient, then populate node_modules using npm install command.
You are not supposed to modify files located in node_modules directory directly. Instead, fork the module in question, modify it, and:
either publish your own version in npm
or reference it as a git repository inside package.json (how-to)
Then, also add node_modules directory to the .gitignore file.
If the whole directory is untracked, git status will show only the directory. Because it's untracked, there is no meaningful difference to git between changed and unchanged files in there.
Other answers have already addressed that tracking node_modules is nota good idea. Of you want to track your changes to modules, consider cloning the module repo and including it as a git submodule.
It should be inside .gitignore file. A .gitignore file should be committed into your repository, in order to share the ignore rules with any other users that clone the repository.
Yarn has created yarn.lock and yarn-error.log.
I have been told not to add yarn.lock to my .gitignore file because it locks down the packages.
Should I ignore the latter?
It makes sense to ignore the yarn-error.log—log files are only useful to debug your own copy of the code, so there's no need to upload it to the repository.
File should be uploaded to your repo when they are useful or needed to build your project. The yarn-error.log (as the name suggests) is an error log, so it's never read by Yarn. The whole point of it is that you read the log to find out what went wrong, and if you've not had any errors, it might not even exist at all.
gitignore.io, a service which generates .gitignore files, include yarn-error.log and yarn-debug.log in their .gitignore file for Node:
### Node ###
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
It may be wise to follow their example if you're not sure what you need—most pre-made .gitignore files have thought this issue through and concluded that logs should generally be ignored.
Since writing this I realise all log files are typically ignored in the .gitignore file with this entry:
*.log
Its system specific log file for the user. So it should be added to gitignore.
some times we find error that is "cannot find symbol" when build the project.
to solve that problem we add this file to our root project.
we can use it in our project where all all files and folder are available.
just above to yarn.log file
.gitignore is used for ignoring the files which are not expected to be commited to git. It locates in the root directory of the project. So this file should also be added and commited as other files or?
Yes, it's a good practice to commit it, to avoid people in your team to commits temporary files, builds, and other stuffs that aren't project specific.
But if you want to have a modified one locally with a private or testing configuration, you can but if you want to apply changes you have to add it with git add .gitignore.
Documentation: https://git-scm.com/docs/gitignore