Where should I store secret strings on Node server?

Question

Well, I\'ve come with a problem. How can I store passwords, db url and important strings that should not go to my public version control?

I\'ve come up with 3 solutions.

Answer 1

There's a node package that handles this very similar to the Ruby On Rails approach with their credential system: schluessel

It lets you save your secrets in an encrypted vault file and stores the key separately. This vauft file can be checked into your version control system, as long as you keep your key file secret.

You can create vault files for different NODE_ENVs. If you surrender the key either via a key file or via an environment variable, you can access your credentials very easily from within your app.