Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Add user password during runtime

Tags:

javascript

security

node.js

i've some node app which should get the user password to run , I dont want to put the user password hard-coded but I want some way to pass it during deployment, something like when I do npm start with the command line and add also user password which will be filled in the code, there is some best practice how to do it in node?

After I search in SO i've found this post but it's not helping since you put the code in config file which to me looks the same , the user passowrd is supplied with the code which I want to avoid...any example will be very helpful

Best way to store DB config in Node.Js / Express app

Let's say one on the file need this user password for Runtime...

e.g.

request({
    uri: API,
    method: 'POST',
    json: true,
    form: {
      'username': 'user123',
      'password': 'password123'
},

What I want is something similar to this approach , (or there something better which I want to understand how to use it) 

 request({
    uri: API,
    method: 'POST',
    json: true,
    form: {
      'username': ~username,
      'password': ~password
},

And run the following command during deployment

npm start username user123 password password123

like image 916
Jenny Hilton Avatar asked Dec 10 '25 03:12

Jenny Hilton

2 Answers

You can make use of environment variables.

Let's say you have an environment variable called USERNAME.
You can access it in your Node.js application like this: 

console.log( process.env.USERNAME )

You can supply environment variables when starting your application like this: 

USERNAME=example npm start

You may also want to check this supper cool project called dotenv which loads environment variables form a .env file.

You can add .env to your .gitignore and the credentials won't be shipped with the code.

like image 52
Kayvan Mazaheri Avatar answered Dec 11 '25 15:12

Kayvan Mazaheri

Your best bet would be to have an external config file and read the username and password configuration from that. :) You will need to make sure that your web app doesn't serve the config file to the public either. So I would recommend putting the config into a higher level directory than your server so you would have less chance of accidentally serving your config.

like image 26
mustachioed Avatar answered Dec 11 '25 16:12

mustachioed

Sign in to Comment

Related questions

Detect browser's native date/time pickers
Primitive wrapper behavior in JavaScript
How can I conditionally disable a control in Storybook based on the value of another argument?
HTMLCollection change event with JavaScript
How do I show the results of a filtered list using Knockout.Js?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!