Handle secrets like API keys securely in javascript projects with environment variables

Sdílet
Vložit
  • čas přidán 7. 11. 2023
  • In this video we look at how to effectively use the dotenv npm package to securely use secrets like API keys by loading them into your project as environment variables. To do this we first place our secrets in a .env file and the dotenv project will load these in as env variables.
    You can find a copy of the code used in this video in my public GitHub repository - github.com/mackenziejj/node-e...
  • Věda a technologie

Komentáře • 11

  • @mk72v2oq
    @mk72v2oq Před 8 měsíci +3

    Worth mentioning that Node.js recently (20.6) introduced native support for .env files. So if your application supposed to run on new versions, you can drop dotenv dependency.

    • @dotenvx
      @dotenvx Před 7 měsíci

      there's some caveats - no multiline support, no override support, no expansion support, and no .env.vault support. We wrote about it on our blog.

  • @Ameer_Ameen
    @Ameer_Ameen Před 7 měsíci +1

    perfect video, thank you so much!

  • @ecstasy3129
    @ecstasy3129 Před 5 měsíci

    Good

  • @richardnpaul_mob
    @richardnpaul_mob Před 8 měsíci

    ps -e reveals those secrets so env vars are not the best idea either (better than hard coding but there are better ways yet than env vars)

    • @GitGuardian
      @GitGuardian  Před 8 měsíci +2

      We agree but this really gets into a deep conversation about the architecture behind your application and what is infrastructure it is running on. Envrionment variables won't be exposed unless one or more applications are already compromised so while it is not the most secure way, it is a good starting point in understanding how to handle secrets.

    • @richardnpaul_mob
      @richardnpaul_mob Před 8 měsíci +1

      @@GitGuardian that's fair though it's always good to know that there are downsides and potentially better approaches even if you're showing the most balanced approach in terms of trade-offs between effort to implement and deploy versus amount of improvement it gives 👍😊

    • @GitGuardian
      @GitGuardian  Před 8 měsíci +1

      @@richardnpaul_mob Good points, next videos on my planned list are using secrets managers and vaults for secrets. We appreciate you giving us feedback 👍

    • @richardnpaul_mob
      @richardnpaul_mob Před 8 měsíci +1

      @@GitGuardian I'd better subscribe then 😊

    • @mk72v2oq
      @mk72v2oq Před 8 měsíci +1

      If your production environment is compromised, you are screwed. It doesn't really matter if env variables are visible, because malicious actor can simply directly read .env file (or whatever place you store secrets in) anyway.

Další v pořadí
Automatické přehrávání
Store & manage secrets like API keys in Python - Tech Tip Tuesdays12:46Store & manage secrets like API keys in Python - Tech Tip Tuesdays
Store & manage secrets like API keys in Python - Tech Tip TuesdaysGitGuardian
zhlédnutí 19K
5 JavaScript API Key Mistakes (and how to fix them)12:495 JavaScript API Key Mistakes (and how to fix them)
5 JavaScript API Key Mistakes (and how to fix them)James Q Quick
zhlédnutí 73K
Chat with Power BI - Unveiling the Power of Chat with Power BI: Insights into your AI Conversations3:03Chat with Power BI - Unveiling the Power of Chat with Power BI: Insights into your AI Conversations
Chat with Power BI - Unveiling the Power of Chat with Power BI: Insights into your AI ConversationsMetropolis Clouds
zhlédnutí 4
THE POLICE TAKES ME! feat @PANDAGIRLOFFICIAL #shorts00:31THE POLICE TAKES ME! feat @PANDAGIRLOFFICIAL #shorts
THE POLICE TAKES ME! feat @PANDAGIRLOFFICIAL #shortsPANDA BOI
zhlédnutí 24M
Kendrick Lamar - Not Like Us05:55Kendrick Lamar - Not Like Us
Kendrick Lamar - Not Like UsKendrickLamarVEVO
zhlédnutí 35M
Luggage to the Rear 🤣?! 2025 Porsche 911GTS Hybrid #shorts00:20Luggage to the Rear 🤣?! 2025 Porsche 911GTS Hybrid #shorts
Luggage to the Rear 🤣?! 2025 Porsche 911GTS Hybrid #shortsthomas.letsgo
zhlédnutí 2,6M
1 or 2?🐄00:121 or 2?🐄
1 or 2?🐄Kan Andrey
zhlédnutí 45M
100+ Linux Things you Need to Know12:23100+ Linux Things you Need to Know
100+ Linux Things you Need to KnowFireship
zhlédnutí 612K
3.4 Hiding API Keys with Environment Variables (dotenv) and Pushing Code to GitHub11:513.4 Hiding API Keys with Environment Variables (dotenv) and Pushing Code to GitHub
3.4 Hiding API Keys with Environment Variables (dotenv) and Pushing Code to GitHubThe Coding Train
zhlédnutí 272K
Manage secrets with AWS Secrets Manager with Python - Tech Tip Tuesday18:09Manage secrets with AWS Secrets Manager with Python - Tech Tip Tuesday
Manage secrets with AWS Secrets Manager with Python - Tech Tip TuesdayGitGuardian
zhlédnutí 551
Hide API keys in Python scripts using python-dotenv, .env, and .gitignore15:52Hide API keys in Python scripts using python-dotenv, .env, and .gitignore
Hide API keys in Python scripts using python-dotenv, .env, and .gitignoreJonathan Soma
zhlédnutí 44K
Your API Keys are NOT SAFE in a native app 🤬9:26Your API Keys are NOT SAFE in a native app 🤬
Your API Keys are NOT SAFE in a native app 🤬Simon Grimm
zhlédnutí 10K
These Coding Projects Give You An Unfair Advantage14:39These Coding Projects Give You An Unfair Advantage
These Coding Projects Give You An Unfair AdvantageHarkirat Singh
zhlédnutí 329K
"Avoid THIS Bad Practise In Python": An Introduction to .env Files8:06"Avoid THIS Bad Practise In Python": An Introduction to .env Files
"Avoid THIS Bad Practise In Python": An Introduction to .env FilesIndently
zhlédnutí 22K
Secrets and Environment Variables in your GitHub Action8:12Secrets and Environment Variables in your GitHub Action
Secrets and Environment Variables in your GitHub ActionDev Leonardo
zhlédnutí 33K
Next.js Best Practices: Protecting Server Code from Client Access15:07Next.js Best Practices: Protecting Server Code from Client Access
Next.js Best Practices: Protecting Server Code from Client AccessCode Ryan
zhlédnutí 928
Tiny Keyboard Family00:18Tiny Keyboard Family
Tiny Keyboard Familyjuskim
zhlédnutí 4,3M
Poslední CZC.cz výprodeje...00:39Poslední CZC.cz výprodeje...
Poslední CZC.cz výprodeje...GeekBoy
zhlédnutí 138K
Ordering my 1,000,000 subscriber play button #carterpcs #tech #techtok #gaming #techfacts00:26Ordering my 1,000,000 subscriber play button #carterpcs #tech #techtok #gaming #techfacts
Ordering my 1,000,000 subscriber play button #carterpcs #tech #techtok #gaming #techfactsCarterPCs
zhlédnutí 4,2M
The 2024 viral phone case🙌 #smartphone #mobileaccessories #phonecase #casecollection #tech00:16The 2024 viral phone case🙌 #smartphone #mobileaccessories #phonecase #casecollection #tech
The 2024 viral phone case🙌 #smartphone #mobileaccessories #phonecase #casecollection #techSyncswift
zhlédnutí 1,6M
Why 3D Printing Struggles with Curved Surfaces #3dprinting01:00Why 3D Printing Struggles with Curved Surfaces #3dprinting
Why 3D Printing Struggles with Curved Surfaces #3dprintingSlant 3D
zhlédnutí 1,9M
Product Link in Bio ( # 1636 ) @MaviGadgets ✅ Smart Universal Magnetic Car Phone Holder00:14Product Link in Bio ( # 1636 ) @MaviGadgets ✅ Smart Universal Magnetic Car Phone Holder
Product Link in Bio ( # 1636 ) @MaviGadgets ✅ Smart Universal Magnetic Car Phone HolderMaviGadget
zhlédnutí 10M
Creative Economy Computer00:59Creative Economy Computer
Creative Economy ComputerMaker Y
zhlédnutí 3,5M
Google Glass, but it's 2024.09:00Google Glass, but it's 2024.
Google Glass, but it's 2024.DankPods
zhlédnutí 468K