I have built FREE tool to deal with this problem. link
Hi developers 👋🏼 I have been using NodeJS for couple of years but still I feel managing environment variables, especially in production, is a daunting task.
What should I do ? Should I add env variables to docker build command ? Should I add env variables in GitHub Secrets ? OR Should I ssh into ec2 and create
.env file 😓
So lets address this problem…
1. The Problem with Dotenv
Dotenv is a moat popular package used by 30M+ developers to load environment variables from a
.env file into the process environment. While it simplifies the process, it has its limitations:
Lack of Security: Dotenv relies on plaintext .env files, which can expose sensitive information if not handled carefully. (like committing it to GitHub 🤯)
Limited Functionality: It doesn’t provide an solution for production environment.
Inflexible Configuration: Dotenv lacks flexibility when it comes to managing different configurations for different environments (development, staging, production).
What I dont want ?
But there will be some solution created by Big Cloud Giants ? Right ?
Azure — costs
1$ per key per month with additional per api call charges
GCP — almost
0.5$ per key per month (gcp has most complicated pricing tier I have ever seen)
AWS — costs
0.8$ per key per month with additional api call charges
i.e. I need to pay at least a dollar/month to just store NODE_ENV=production 🤔
then why cant I use GitHub Secrets ? Its FREE.. is it ?
This is the best solution for managing env variables is out there. but still its free tier lacks environment specific secrets manager. (Yeah Im indie hacker and cant afford to buy $20/month Plan)
& I dont want to manage this sh*t..
Then What To Do ?
If there is no solution, then best solution is to build the solution.
What if there is npm package which —
- does everything dotenv does &
- in development loads from .env file
- in production checks for .env files or else loads it from cloud without any major configuration
- there is easy and secure way to access, modify, delete environments.
- & is cheap.
So Finally what I built ?
What about security ? Okay.. Lets implement what Github Secrets is using 😘. Libsodium sealed boxes added
But how will it load .env in production ?
envvaults npm package requires 2 predefined env variables- EV_AID & EV_KEY. with these 2 env variables it will fetch all remaing variables defined inside “VAULT”.
EV_AID is account ID and EV_KEY is secret key for specific vault.
How can you use this ?
step 1. install npm package => npm i envvaults
step 2. create account on this link
step 3. access inside VS Code using this link
Done!! Now lets get back to writing code 😤