paint-brush
how to use Environment Variables keep your secret keys safe & secure!by@priyanshujain
82,763 reads
82,763 reads

how to use Environment Variables keep your secret keys safe & secure!

by PRIYANSHU JAINJuly 1st, 2017
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Avoid (<em>accidentally</em>) committing (<em>exposing</em>) your <em>private keys</em>, <em>passwords</em> or other <em>sensitive details</em>(<em>by hard-coding in them in your script</em>) to <a href="https://hackernoon.com/tagged/github" target="_blank">GitHub</a> by storing them as environment variables. See the example like this

Company Mentioned

Mention Thumbnail
featured image - how to use Environment Variables keep your secret keys safe & secure!
PRIYANSHU JAIN HackerNoon profile picture

Why?

Avoid (accidentally) committing (exposing) your private keys, passwords or other sensitive details(by hard-coding in them in your script) to GitHub by storing them as environment variables. See the example like this

There is a story of a person who pushed aws keys to github:

Accidentally pushing API keys to GitHub can be an Expensive/Stressful Lesson: https://www.quora.com/My-AWS-account-was-hacked-and-I-have-a-50-000-bill-how-can-I-reduce-the-amount-I-need-to-pay

What is Environment Variable?

An environment variable is a KEY=value pair that is stored on the local system where your code/app is being run and is accessible from within your code.

How?

Follow these steps:

  1. List all the Default Environment Variables

$ printenv

2. For storing our secret data like tokens, API keys, passwords create a file named app-env


export API_KEY="ABDJFdfrpf956irjglkfmgi5kgf"export TOKEN="213j29rhdfn94htrfuh94"

3. Source this file into local environment using source command

$ source app-env

4. Now we can use these environment variable in our program as for example in NodeJS:

Node.js gives you access to the variables defined in your environment in the process.env global object.

So we can use process.env object to access our keys

var api_key = process.env.API_KEY;

5. and last thing add app-env to .gitignore so this file is ignored to .git

app-env

This way we can use our keys and tokens in our local environment and be safe from getting these sensitive data exposed to others on Github.