This is my first blog post. Hope y'all like it 🤞.
Environment variables are very fundamental part of developing with Node.js or any server side la...
For further actions, you may consider blocking this person and/or reporting abuse
why your script start prodouction did not load dotenv?
dotenv
is a dev dependency. In production, keys are stored on the server which can be accessed by node without usingdotenv
can you give me little example how storing keys on production? thank you
For example, heroku has a option in app settings to enter environment variable.
yes, in heroku there is an option to store that. but how if we use own server?
Like this
ok, thank you.
But, still we're using 'process.env', which uses to 'dotenv' package in production?
In production I didn't use .env, I store all credentials on host environment or if I use docker, I store it in docker secrets.
Cool, thanks!
Yes thats right that we store
keys
on server.But what about the dotenv package we imported into file and written as
process.end.VAR_NAME
? Wont it require to usedotenv
package?My script is currently
"serve": "vue-cli-service serve"
I tried adding
"node -r dotenv/config vue-cli-service serve"
I ran that but then it failed to compile
Another option is to use command line arguments like
node app.js --option argument
which prevents any keys to ever be committed or written to a file since they are only made available at run-time.It also plays nice with docker since one can just write any secrets into a docker
.env
file that feedsENV
variables either to a container or an image.If I used the same server for development and production, I'd have to not install dotenv as a dev dependency and not use server variables, just 2 different .env files, one for each prod/dev application folder.
Ok, but how to manage the .env files? Where to keep them? How to share them? For example how do I share a .env.development file with another developer since the file is not in the source control?
You can include .env.development in the source control. But make sure It doesn't contain any actual keys. Because thats the whole point of secret.
The way I do is I make a .env.sample file with all the env but without any secret or api keys.
What do you mean when you say it doesn't contain actual keys? How did the other developer run test like i did on my local when it doesn't contain actual keys?
Thanks, very useful
great approach. How do i add a npm script for another environment (i.e, staging environment)?