
Using dotenv to hide credentials in ExpressJS

This is a quick tutorial on using dotenv in JavaScript development.

When building apps, we continually need access to databases. To access the resources stored in those databases, we must first authenticate and be authorized.

In web development and app building, especially when storing code in a publicly accessible repository like GitHub, we should be conscious of our credentials. The way to store your code on GitHub without your credentials is by using dotenv.

dotenv is a JavaScript package that loads variables from a .env file into process.env, enabling users to store and access credentials safely.

In your server.js file, add the following code:

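const express = require("express");

const app = express();

const dotenv = require("dotenv");

// ...

// Load the variables defined in the .env file into process.env
dotenv.config();

// ...

// Replace variable_name with the name defined in your .env file
const password = process.env.variable_name;

// ...

app.listen(3000, () => console.log("server has started at port 3000"));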

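In the home (root) directory of the project, create a .env file. In the .env file, create the variable name referenced in server.js using the following format. Add .env to your .gitignore file so that it is never committed to the repository.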

variable_name="The value of the variable"

In this example, the value of the const password will be the string "The value of the variable".

The contents of the variable can be any string value, such as a URI, username, password, or any other sensitive information to be passed into a web application.
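
One way to fail fast when a variable from the .env file is missing or still holds the placeholder text, as an added example that is not part of the original tutorial. It assumes dotenv.config() has already run; the names DB_URI, DB_USER and DB_PASSWORD, the helpers loadConfig and redact, and the sample values are hypothetical.

```javascript
// Added example: validate settings after dotenv.config() has filled process.env.
// Variable names below are hypothetical; use the names from your own .env file.
const REQUIRED = ["DB_URI", "DB_USER", "DB_PASSWORD"];

// The tutorial's sample value; treated as "not configured" if left in place.
const PLACEHOLDER = "The value of the variable";

// Returns a frozen config object, or throws naming every unusable variable.
function loadConfig(env = process.env, required = REQUIRED) {
  const bad = required.filter((name) => {
    const value = env[name];
    // dotenv yields "" for a line such as `DB_PASSWORD=`, so check for
    // empty strings as well as undefined.
    return typeof value !== "string" || value.trim() === "" || value === PLACEHOLDER;
  });
  if (bad.length > 0) {
    // Report names only; values never appear in error messages or logs.
    throw new Error(`Missing or placeholder environment variables: ${bad.join(", ")}`);
  }
  const config = {};
  for (const name of required) config[name] = env[name];
  return Object.freeze(config);
}

// Copy of the config that is safe to print in a startup log.
function redact(config) {
  const masked = {};
  for (const name of Object.keys(config)) masked[name] = "[redacted]";
  return masked;
}

// Constructed sample input standing in for process.env after dotenv.config().
const SAMPLE_ENV = {
  DB_URI: "mongodb://db.example.invalid:27017/app",
  DB_USER: "app_user",
  DB_PASSWORD: "constructed-sample-secret",
};

console.log("configuration loaded:", redact(loadConfig(SAMPLE_ENV)));
```

In server.js, call loadConfig() immediately after dotenv.config() so the server refuses to start with incomplete credentials.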
