03 - ENV
In this module, we'll work on making our signature private with the .env file.
Overview
As mentioned before, our signature is currently available on GitHub to anyone who wants it. We can use a package called dotenv to keep data that we want hidden in a separate file, and have the program read from that file when the data is needed. We can then prevent this file from being uploaded to GitHub. dotenv gives you a way to supply the secret keys your application needs to function while keeping them from going public.
File Set up
Let's start by adding a .env file to the root level:
Import dotenv Package
We have already installed the dotenv package. In order to use it, we need to go to app.js and require it at the top of the file:
With this we can make items in an .env file available to our whole application.
.env File
Add *.env to your .gitignore to prevent it from being published to GitHub.
In the .env file, add the secret. Put it in exactly like this:
Adding the Process Variable
Now, let's add the process.env variable to our method. See the comment below:
The system goes outside the current file to the .env file, where it looks for something called JWT_SECRET. The value of the secret is stored in that environment variable.
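Because the .env file is kept out of the repository, a fresh clone has no JWT_SECRET until someone creates the file. The following is an added example, not the course's own code: parseEnv is a simplified stand-in for dotenv so the block runs without the package, and requireSecret, the sample file contents and the 32-character minimum are assumptions made for illustration.

```javascript
// Added example. parseEnv is a simplified stand-in for what dotenv does;
// the sample .env text and every value in it are constructed.
const SAMPLE_ENV = [
  '# constructed sample .env contents',
  'PORT=3000',
  'JWT_SECRET="constructed-sample-secret-value-0123456789"',
].join('\n');

// Parse KEY=VALUE lines, skipping blanks and comments, stripping one pair of quotes.
function parseEnv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue; // not a KEY=VALUE line
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    out[key] = value;
  }
  return out;
}

// Fail fast at startup instead of signing tokens with undefined or a weak value.
// minLength is an assumed policy, not something the course specifies.
function requireSecret(env, name, minLength = 32) {
  const value = env[name];
  if (value === undefined || value === '') {
    throw new Error(`${name} is not set: create a .env file (it is not in the repository)`);
  }
  if (value.length < minLength) {
    throw new Error(`${name} is shorter than ${minLength} characters`);
  }
  return value;
}

// In the app this would be: const secret = requireSecret(process.env, 'JWT_SECRET');
const secret = requireSecret(parseEnv(SAMPLE_ENV), 'JWT_SECRET');
console.log('JWT_SECRET loaded'); // never log the value itself
```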
Test
We'll leave it up to you to test the app again with Postman and be sure that you get a token back. You should be getting the same result as you got in the last module: