In my code, I have API keys and other secrets directly for others to see. I want to prevent that and put them in environment parameter (or hide them otherwise, if you have an idea)
How do I do that? I didn't really understand the answers when I googled it (maybe I looked in the wrong places?)
I would really appreciate the help!
CodePudding user response:
If you are using Javascript
1. Add dotenv lib in your project (npm i dotenv or yarn add dotenv)
2. Import to your main file
require('dotenv').config();
or
import 'dotenv/config';
3. Put the variables in a file named ".env" in the root of your project.
Inside this .env file they have to be in the format: KEY=value
...
SECRET=123456abcdef
...
4. Then to use in your project, you can use: process.env.KEY
...
const token = sign({email: user.email},
process.env.SECRET,
{subject: user.id, expiresIn: 86400}
);
...
5. 2. Add .env to .gitignore
//.gitignore
.env