1 Introduction

The article for this close reading is "How to Use Environment Variables in NodeJS".

It describes how development and production environments manage environment variables.

Here, environment variables refer to important data such as database passwords, rather than ordinary variable parameters.

2 Overview

Environment variables have a long history: you have to set them up before you can run your first line of Java code.

The problem is that system variables are not easy to use. Should a value end with a semicolon? In which programs do JAVA_HOME and PATH serve the same function? They are also bound to the operating system: variables set at the operating system level are fine for Java-level programs, but not suitable for storing database passwords.

How do we use environment variables in Node? The author gives the following suggestions:

Through the command line

PORT=65534 node bin/www

This is the most basic and common method, but when the number of variables is too large, it can feel overwhelming:

PORT=65534 DB_CONN="mongodb://react-cosmos-db:swQOhAsVjfHx3Q9VXh29T9U8xQNVGQ78lEQaL6yMNq3rOSA1WhUXHTOcmDf38Q8rg14NHtQLcUuMA==@react-cosmos-db.documents.azure.com:19373/?ssl=true&replicaSet=globaldb" SECRET_KEY=b6264fca-8adf-457f-a94f-5a4b0d1ca2b9 node bin/www

The author mentions that this approach does not scale, and argues that scalability is even more important to engineers than getting it right.

Use the .env file

Obviously, what no longer fits on the command line should be written to a file:

PORT=65534
DB_CONN="mongodb://react-cosmos-db:swQOhAsVjfHx3Q9VXh29T9U8xQNVGQ78lEQaL6yMNq3rOSA1WhUXHTOcmDf38Q8rg14NHtQLcUuMA==@react-cosmos-db.documents.azure.com:10255/?ssl=true&replicaSet=globaldb"
SECRET_KEY="b6264fca-8adf-457f-a94f-5a4b0d1ca2b9"

The npm package dotenv reads the configuration in the .env file into the Node.js program.

npm install dotenv --save

The program then reads the .env configuration from the environment variables:

require("dotenv").config();
var MongoClient = require("mongodb").MongoClient;

// Reference .env vars off of the process.env object
MongoClient.connect(process.env.DB_CONN, function (err, db) {
  if (!err) {
    console.log("We are connected");
  }
});

Here’s the catch: don’t commit configuration files to a Git repository, as you might leak private data. However, VSCode solves this problem for you (what, you don’t use VSCode?).
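Once dotenv has populated process.env, the values still need checking before use, and neither the error messages nor the logs should echo them. The following is an added example, not code from the original article; the names REQUIRED, loadConfig, redactConn and describeConfig are illustrative, and the sample values are constructed.

```javascript
// Variables the application cannot start without (taken from the .env file above).
const REQUIRED = ["PORT", "DB_CONN", "SECRET_KEY"];

// Hide the password part of scheme://user:password@host/... for log output.
function redactConn(uri) {
  return uri.replace(/^([a-z][a-z0-9+.-]*:\/\/[^:@\/]+):[^@]*@/i, "$1:***@");
}

// Validate an environment object (normally process.env after dotenv has run).
// Errors name the offending variable but never include its value.
function loadConfig(env) {
  const missing = REQUIRED.filter((k) => !env[k] || env[k].trim() === "");
  if (missing.length > 0) {
    throw new Error("Missing environment variables: " + missing.join(", "));
  }
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("PORT must be an integer between 1 and 65535");
  }
  return { port, dbConn: env.DB_CONN, secretKey: env.SECRET_KEY };
}

// Safe-to-log view of the config: no password and no secret key material.
function describeConfig(cfg) {
  return {
    port: cfg.port,
    dbConn: redactConn(cfg.dbConn),
    secretKey: `<set, ${cfg.secretKey.length} chars>`,
  };
}

// Constructed sample values, not real credentials.
const sampleEnv = {
  PORT: "65534",
  DB_CONN: "mongodb://app-user:example-password@db.example.test:10255/?ssl=true",
  SECRET_KEY: "00000000-0000-4000-8000-000000000000",
};
console.log(describeConfig(loadConfig(sampleEnv)));
```

In a real program, call loadConfig(process.env) right after require("dotenv").config() and log only the describeConfig result.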

VSCode launch configuration

VSCode lets you define a launch configuration for Node, where you can set environment variables:

To load them from the .env file, set the envFile property in the configuration:

{
  "envFile": "${workspaceFolder}/.env"
}

The program still uses dotenv to read environment variables. Doing so keeps the configuration in VSCode, not in code, so you don’t have to worry about accidentally uploading the configuration file!

Using npm scripts

The author recommends a good practice: run projects with npm start instead of exposing Node commands. Configure npm mode in VSCode's launch.json:

Remember that you need to add the --inspect argument to the Node script to trigger the VSCode debugger hook:

This way, you can start Node with npm start and read the environment variables configured in VSCode.

Environment variables of the production environment

The above explained how to use environment variables for local development, but in production, environment variables must be managed differently.

Managing environment variables with Microsoft Azure.

The main idea is to have an intermediary provide environment variable management as a service. Start your Node project through the Azure CLI and get the environment variables from the cloud service platform.

3 Intensive reading

Environment variable management is a very important issue, and I’ve seen many examples of what not to do: corporate database passwords submitted to GitHub.

The article describes a number of ways to use environment variables in local development; here I supplement it with my experience of environment variables in production.

Private deployment

If you’re in a company with a high level of automation, this problem has been solved naturally by private Git + private cloud servers.

Yes, deploying private Git and committing your database password to a Git repository is the perfect solution!

Persistent configuration service

Store environment variables in a persistent configuration service, either self-built or open source and similar to Azure's, and retrieve them on the server using the SDK.

Generally, cloud service providers package this service themselves. Only when the server and the persistent configuration service come from the same vendor can the vendor tie the persistent configuration to the server's permissions, so that a third-party server cannot access the configuration even if it obtains the token.

Encryption services

If the security level is so high that you are not allowed to commit even to internal Git, and you also want to prevent a third party (such as a broadband operator) from intercepting the information, use an encryption service.

The general process is:

  1. Register with the encryption platform and get the key.
  2. Set the environment variable in the encryption platform, which encrypts the content.
  3. Use the Node SDK to obtain the ciphertext output by the encryption platform.
  4. Decrypt it into plaintext using the SDK and the key.
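The four steps above, sketched locally with Node's built-in crypto module. This is an added example, not any vendor's SDK: the platform side is simulated in-process, AES-256-GCM is an assumed cipher choice, and the names encryptVar, decryptVar and loadEncryptedEnv as well as all sample values are constructed.

```javascript
const crypto = require("node:crypto");

// Platform side, simulated locally (steps 1-2): encrypt one variable with
// AES-256-GCM. The variable name is bound in as associated data, so a
// ciphertext cannot be moved onto a different variable unnoticed.
function encryptVar(key, name, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(name, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

// Application side (steps 3-4): decrypt what was fetched. final() throws if the
// key is wrong or the ciphertext, tag or variable name was altered.
function decryptVar(key, name, blob) {
  const [iv, tag, ct] = blob.split(".").map((p) => Buffer.from(p, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, {
    authTagLength: 16, // reject truncated authentication tags
  });
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Decrypt a whole fetched set; any failure aborts startup instead of
// continuing with a partial or tampered configuration.
function loadEncryptedEnv(key, fetched) {
  const out = {};
  for (const [name, blob] of Object.entries(fetched)) {
    out[name] = decryptVar(key, name, blob);
  }
  return out;
}

// Constructed demo: demoKey stands in for the key issued at registration.
const demoKey = crypto.randomBytes(32);
const fetched = {
  PORT: encryptVar(demoKey, "PORT", "65534"),
  SECRET_KEY: encryptVar(demoKey, "SECRET_KEY", "constructed-sample-secret"),
};
console.log(Object.keys(loadEncryptedEnv(demoKey, fetched)));
```

The decryption key itself still has to reach the server through some channel other than the repository, otherwise the ciphertext protects nothing.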

4 Summary

Readers working in companies with complete infrastructure may not need to worry about the safety of environment variables. For those of you who set up your own blog or use a third-party server, this article tells us three things to note:

  1. Do not commit important environment variables to an open Git repository.
  2. Debugging environment variables locally via VSCode is both convenient and secure.
  3. In production, obtain environment variables from the environment variable configuration service provided by your cloud service provider.

5 More Discussions

The discussion address is:
How to Use environment variables in NodeJS · Issue #89 · dt-fe/weekly

If you’d like to participate in the discussion, please click here. There is a new theme every week, released on weekends or Mondays.