DEV Community

wolfiton
wolfiton

Posted on

Enviorment variables to keep your app safe

Hi everyone,

Today I want to write about the importance of the environment variables, that can keep our applications safe and let us share them without worries.

So an environment variable is a value that will be located in our Operating system and It can be accessed only by us.

You will find two names for this type of variable:

  • System variable
  • Environment variable

Important: They are the same thing, so don't get confused by this naming convention people use.

If you share an application that uses environment variables for the configuration of your application, the person that uses the app will not be able to make it work, unless he/she creates the same System variable that is specified in the configuration.

To make things simpler let's use an example(this example is not specific to any language it is just using JSON):

{
  db: {
   host: System.env.APP_HOST  
  }
}

APP_HOST is our system variable(Enviorment Variable) here and we use a method called System.env to get the value of this variable from our OS.

To set up the System variable we use in the terminal the following command:

export APP_HOST=localhost 

APP_HOST is the name of our System variable and we set the value to localhost.

To view all the system variables on Linux and Mac you can use the set command.

If you want to know the value of a specific System variable you can use:

echo $VAR_NAME

Example:

echo $APP_HOST

So when we say in our config that we want the value of the variable APP_HOST we will get localhost.
This is the same as writing:

{
  db: {
   host: "localhost"
  }
}

The only difference is that we are using a System variable to do this and so we keep our host configuration secure from prying eyes(attackers).

Important: Also if the System variable value has spaces, which is not recommended then we can use(" "):

 export MY_COOL_VAR="I have space here"

Also, Environment variables can be used on the production server to keep the important configuration information on the server and not in plain text which is dangerous and can be found easier by attackers.

Too unset a system variable you can use the unset command followed by the name of the variable:

unset VAR_NAME

To unset the APP_HOST System variable we can use the following(use this command only if you want to stop using this var or made a mistake)

unset APP_HOST

We talk till now only about the advantages of Environment variables or System variables, but are there any downsides(negative results or bad idea) of using them?

The problems will appear if you want to build an application for opensource and want to make it easier for everybody to test it.

In this case, using System variables may prove a bad idea because a lot of people will not have the patience to set them up to test your app.

So if you build something that you want feedback on making it as accessible as possible and don't use System variables for configuration.

Keep it simple!

I hope that you enjoyed the article, Dear Reader and also found it useful.

Share it on social, so others can enjoy it too.

Discussion (0)