Where should I store secret strings on Node server?

后端 未结 4 1360
臣服心动
臣服心动 2021-02-05 12:29

Well, I\'ve come with a problem. How can I store passwords, db url and important strings that should not go to my public version control?

I\'ve come up with 3 solutions.

4条回答
  •  情歌与酒
    2021-02-05 12:46

    Here is my suggestion:

    1. Using a mix of file and env variables

    You can manage secret strings using a mix with config files and process.env variables.

    You can do something like this:

    var port = process.env.PORT || config.serverPort;
    

    Since now, working with docker is the rule, you should try this one.

    2. Using a Sample

    You could add a config.json.example to your repo with an example of the variables you should define but here you will have to remember to change it when you deploy to production.

    Just remember to add the real config.json to the .gitignore file. This one is not my preferred but still an option.

提交回复
热议问题