Where should I store secret strings on Node server?

Question

Well, I\'ve come with a problem. How can I store passwords, db url and important strings that should not go to my public version control?

I\'ve come up with 3 solutions.

Answer 1

The dotenv package can be used to load configuration and secrets from a .env file into process.env. For production, the .env file doesn't have to exist.

Example:

require('dotenv').config();

const oauth2 = require('simple-oauth2').create({
  client: {
    id: process.env.TWITTER_CONSUMER_KEY,
    secret: process.env.TWITTER_CONSUMER_SECRET
  }
});

.env file:

TWITTER_CONSUMER_KEY=bMm...
TWITTER_CONSUMER_SECRET=jQ39...

.gitignore:

.env