dotenv_如何使用dotenv为应用程序存储安全信息

dotenv

This article is about saving username and password credentials information for secure database access on 3rd party sites such as mLab in your local testing environment. This lets you protect them from anyone looking at your public repository on a site like github.

本文是关于在本地测试环境中保存用户名和密码凭据信息以安全访问第三方站点(例如，mLab)上的数据库的信息。 这样，您就可以保护他们免受任何在github等站点上查看您的公共存储库的人的侵害。

Secure or private information should never be stored inside your code and pushed to a repository. This is because it would be publicly exposed which puts your information at risk. It also puts you at risk of losing API or database access if someone uses your credentials fraudulently.

安全或私人信息绝对不应存储在您的代码内，也不应该推送到存储库中。 这是因为它将被公开暴露，从而使您的信息面临风险。 如果有人欺诈性地使用您的凭据，这也使您有失去API或数据库访问权限的风险。

This wiki article discusses how to protect your credentials using the export command. In order to make these variables persistent you have two choices. However, the enivorment variables set this way are erased each time the shell is restarted, such as when you shut down your computer and restart for a new coding session.

这篇Wiki文章讨论了如何使用export命令保护您的凭据。 为了使这些变量具有持久性，您有两种选择。 但是，每次重新启动外壳程序时(例如，当您关闭计算机并重新启动新的编码会话时)，都会擦除以这种方式设置的操作变量。

You’d have to go through all the steps again to set your environment variables each time you started a new terminal shell. This means you’d need to store your credentials in text file somewhere, or keep looking them up in your third party account (such as mLab).

每次启动新的终端程序外壳程序时，都必须再次执行所有步骤来设置环境变量。 这意味着您需要将凭据存储在某个地方的文本文件中，或者继续在您的第三方帐户(例如，mLab)中查找它们。

Doing this each time you start a new session gets tedious. So rather than store these in the code itself where it’s easy to find, I’m going to show you a way to use the text file and import your credentials.

每次开始新的会话时，这样做都会很麻烦。 因此，我将向您展示一种使用文本文件并导入凭据的方法，而不是将它们存储在易于查找的代码本身中。

The first choice is to use your shell profile and export these variables each time you start up a new terminal. However over a few weeks of developing new applications and projects your shell profile would get clogged up with a massive list of variables that you won’t need every session. You only need the credentials for the application you are currently working on.

首选是使用外壳程序配置文件，并在每次启动新终端时导出这些变量。 但是，在开发新应用程序和项目的几周后，您的shell配置文件将被大量的变量阻塞，而您不需要每次会话。 您只需要当前正在使用的应用程序的凭据。

清理包含安全凭证的git repo (Cleaning up a git repo containing secure credentials)

If you have already pushed your repository to github with your credentials stored in the codebase, simply deleting them and pushing it again will not help. This is because your credentials are stored in your history, which is visible to the public as well. If this is the case use these commands to reset your git repository and wipe out your history.

如果您已经使用存储在代码库中的凭据将存储库推送到github，则简单地将其删除并再次推送将无济于事。 这是因为您的凭据存储在您的历史记录中，并且对公众也是可见的。 如果是这种情况，请使用以下命令重置git存储库并清除历史记录。

First, delete your repo from github. You’ll create a new one when we are ready.

首先，从github删除您的仓库。 准备好后，您将创建一个新的。

Second, delete your local git repository from your working directory. Change directories to your working directory. Your .git repo file should be in here.

其次，从工作目录中删除本地git存储库。 将目录更改为您的工作目录。 您的.git回购文件应位于此处。

BEWARE: using the -rf flag can delete your entire hard drive if not used correctly. I use the -i flag, which stands for interactive to be certain I am IN the correct directory.

注意：如果使用不正确，使用-rf标志可以删除整个硬盘。 我使用-i标志，它表示交互式，以确保我在正确的目录中。

After sorting through a few files and I am 100% sure I’m in the right place, I’ll kill that command and run it again without the -i flag. Do what you feel most comfortable with, but it’s advised that you have a full backup of your computer (in more than one place) before running a -rm command.

在整理了几个文件之后，我100％地确定我在正确的位置，我将终止该命令并再次运行它而没有-i标志。 尽您所能进行，但建议您在运行-rm命令之前对计算机进行完整备份(在多个位置)。

cd <project-name>
rm -i -rf .git

Third, be sure to update your .gitignore file to include the .env file in addition to any other folders you wish to keep private. Local IDE files such as .idea/ if using jetbrains for example, could be in this file. My .gitignore file looks like this. Note that you can add a folder or file here before it is created without causing any errors.

第三 ，请确保将您的.gitignore文件更新为除了要保留为私有的任何其他文件夹之外，还包括.env文件。 例如，如果使用jetbrains，则本地IDE文件(例如.idea /)可以在此文件中。 我的.gitignore文件如下所示。 请注意，您可以在创建文件夹或文件之前在此处添加文件夹或文件，而不会引起任何错误。

.gitignorenode_modules.envdata/.idea/

.gitignore node_modules.envdata / .idea /

Finally create a new repository. Now you’re ready to continue creating your .env file and pushing your repo safely to github and keep your credentials safe.

最后创建一个新的存储库。 现在，您可以继续创建.env文件，并将您的存储库安全地推送到github，并确保凭据安全。

git init

git init

如何在本地应用程序中使用dotenv (How to use dotenv in your local application)

This is where the node module dotenv can help. To use dotenv, you need to require it in your application code. Call the config() function on it which pulls your credentials from a locally stored file on your computer. This file is named .env.

这是节点模块dotenv可以提供帮助的地方。 要使用dotenv，您需要在应用程序代码中要求它。 在其上调用config()函数，将您的凭据从计算机上本地存储的文件中提取。 该文件名为.env 。

Step 1: Create a .env file and store your variables in itMONGOLAB_URI="mongodb://username:password@ds01316.mlab.com:1316/food"

步骤1：创建一个.env文件，并将变量存储在其中MONGOLAB_URI="mongodb://username:password@ds01316.mlab.com:1316/food"

Step 2: Require dotenv in your main application in your main app.js (or whatever you have named it)var dotenv = require('dotenv');

第2步：在主app.js (或任何已命名的主程序)中的主应用程序中需要dotenv var dotenv = require('dotenv');

Step 3: Call the config function on your variable. (note this can all be done in one line by chaining, but I like seeing this occur as a separate activity).dotenv.config();

步骤3：在变量上调用config函数。 (请注意，所有这些都可以通过链接在一行中完成，但是我喜欢将其作为单独的活动进行)。 dotenv.config();

Step 4: Set your mongodb URL by calling your process varables:var url = process.env.MONGOLAB_URI;

步骤4：通过调用流程变量来设置mongodb URL： var url = process.env.MONGOLAB_URI;

This solution keeps your code clean of the secure credentials you do not want to push to a public repository, while keeping each application neatly organized and saving time during development.

该解决方案使您的代码免于不想推送到公共存储库的安全凭据，同时保持每个应用程序的井井有条，并节省了开发时间。

在Mac OS X中设置环境变量的位置 (Where to Set Environment Variables in Mac OS X)

At the command line, environmental variables are defined for the current shell and become inherited by any running command or process. They can determine anything from the default shell, the PATH, etc.

在命令行中，环境变量是为当前shell定义的，并被任何正在运行的命令或进程继承。 他们可以从默认shell，PATH等确定任何内容。

翻译自: https://www.freecodecamp.org/news/how-to-store-secure-information-for-applications-with/

dotenv