Hey everyone, welcome back! In this post, I’ll show you how to store secret keys securely in a .env file. You can also watch the YouTube video if ...
For further actions, you may consider blocking this person and/or reporting abuse
Or use dotenvx and even enjoy additional encryption capabilities.
You can also use the --env-file flag.
only on nodejs 20v behind version not
Thank you
Simple yet essential tutorial. Good one, friend!
Thanks :)
Caution!!!! This is very insecure. Do not store secrets in env files. That is not what they are meant for.
Whenever possible use secret managers instead. They are built for production. If you are on aws, you don't need to store any secrets as environment variables. Your servers (or serverless servers) have access roles and you can let them access your AWS secrets manager and use something like that. Other cloud providers have very similar setups. Do not use environment variables or environment files to store critical secrets in production.
i have simple and convinent way to store and use .env.
that ways I tried
Looks dangerous to me. A better idea is to use environment variable instead. That way there's no chance of exposure.
And how to make it work on prod?
You can already deploy it to production (through GitHub). Your secret keys will be in .env file and it's ignored by GitHub, so not visible to others. And, NodeJS will handle the rest.
Or you can use secret management platform like infisical. It's free!
What a great tool, so to use infiscal you have to provide api keys (which are considered sensitive info) which will put you in a infinite loop. Awesome!
Ps: I'm just joking around, I think it's a really interesting free solution, I will use it myself. Thanks for sharing
You almost got me lol 🤣