Keep Secrets Safe with Environment Variables
Fullstack Social iOS NodeJS REST
Within your server code, you'll almost always have a need to access external services such as AWS or your Mongo/SQL databases. Instead of storing your password and credentials in plain sight, you'll want to move them into environment variables that only the machine are aware of. Doing this means your local environment will also need to store this information, let's go through how this is done.

Comments (4)
romulusc
4 years ago
Had a go at homework exercise, to hide the mongodb url string in session.js and datastore.js: export URL_MONGODB=“mongodb://….” //replaced 'url' in sessions.js and datastore.js without research, not sure if correct url: process.env.URL_MONGODB, //updated the hidden .env file open .env, added export URL_MONGODB=“mongodb://….”, save //because I'm on new environment reloaded the .env source .env Created a post on localhost:1337 and is working Ready for re-deployment if this is correct
romulusc
4 years ago
LogOut/ LogIn working as well
Brian Voong
4 years ago
romulusc
4 years ago
Yes will do, thanks for the tip Brian. All the best
Bobur Pakhriev
3 years ago
Hi Brian, when I deployed to Heroku the app was working perfectly, but suddenly after I implemented keep secrets safe session my app giving an error when I try to post how can this be fixed?
Bobur Pakhriev
3 years ago
here is the error message UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 20)
JMan
2 years ago
Hey Brian, whenever I type in vi .gitignore, it takes to me a file that I can't really do anything with. Maybe that's something new or maybe I'm just doing it wrong. Also, I'm having problems with the mongo db url. I got the secret but since the url has characters like @ and & I haven't been able to source the .env file. Any help with these two problems would be appreciated!
JMan
2 years ago
To clarify the second part I'm trying to make the mongo db url an environment variable*
JMan
2 years ago
Ok, I figured out some of it, I still need help with the mongodb url. When I try to add it as a secret it works! but when I run the command such as source .env it gives me an error. Something to do with the characters in the string (the & specifically) I'll keep working on this, maybe putting it in a string would do the trick. My application also will not run when I put process.env.Mongodb_url where as the secret mongo db secret works fine. So that's my question, but do I even need to hide the mongo db url if I'm hiding the secret?? Thanks in advance, Brian
Brian Voong
2 years ago
JMan
2 years ago
Makes sense, but the mongo db url is pretty much useless without the db secret and that made me think that I could leave it in my codebase. I'm actually building my own application right now and mongo db atlas does the trick for what I need. If you have any other tips for me they would gladly be appreciated ? Thanks for responding, Brian!
JMan
2 years ago
Brian sorry to bother you again but I ran into a huge problem, when I tried to upload my code to github, it gave me an error saying that "Updates were rejected because the tip of your current branch is behind its remote counterpart" I did a git pull --rebase (Found that on stack overflow) and it gives me highlights parts of my code where I'm doing things like process.env.AWS_Key. It tells me to put the secret there instead of the environment variable. Have you run into this problem? If so how did you fix it? I'll keep trying and I'll keep you updated.
Brian Voong
2 years ago
JMan
2 years ago
Restarted Vscode and everything seemed to work fine. I was probably pushing to the wrong branch or some use error (like you said) on my side. Once it was reset I went through the steps carefully and it worked. Thanks for the help, Brian.
JMan
2 years ago
One final question, whenever I restart visual studio, my environment variables seem to disappear. Any idea as to what is happening?
Brian Voong
2 years ago
JMan
2 years ago
Did some research and got a better understanding, I can get my environment variables in the vscode terminal after a restart when I type "source .env" (Like you did in the video) I still haven't figured out if this would be a problem in production?
JMan
2 years ago
NVM, I'm all good now.
HELP & SUPPORT