Add .env for SECRET in authentication
See original GitHub issueHello,
When authentication is set up via feathers CLI, the secret is exposed in the file default.json
. People who are used to working with authentication will not have any trouble creating a .env
file, but I think it would be nicer and more secure to have a default .env
containing the automatically generated secret.
Obviously this implies some change, such as switching from default.json
to default.js
in config and installing dotenv.
Tell me what you think !
Thank,
Issue Analytics
- State:
- Created 6 years ago
- Comments:9 (3 by maintainers)
Top Results From Across the Web
Add .env for SECRET in authentication · Issue #111
Hello, When authentication is set up via feathers CLI, the secret is exposed in the file default.json. People who are used to working...
Read more >Using environment variables for basic authentication ...
An administrator can use the username and password container environment variables for basic authentication credentials.
Read more >Handling Passwords and Secret Keys using Environment ...
To set password or secret keys in environment variable on Linux(and Mac) you need to modify .bash_profile file that is in your home...
Read more >How to separate your credentials, secrets, and ...
This article shows how to separate your credentials and configurations from the application source code with the environment variables and ...
Read more >Secrets | Kubernetes
Use envFrom to define all of the Secret's data as container environment variables. The key from the Secret becomes the environment variable name ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
For those who want to keep using .env (industry standard): adding these two lines in the beginning of src/index.ts works as expected.
Test with
Can you explain a little more what the win would be? From what I understand
.env
is supposed to separate your configuration from you code but isn’t that the same as having it in those.json
configuration files (which can also load from environment variables). Right now we can uselocal-<env>.json
via node-config for environment settings we don’t want to check in.