Storing secure passwords for connecting to the database in open source projects
Cloud9 is a great service. If you are creating a workspace that is public, it means that anyone who knows your project URL and has an account at Cloud9 can view and download your code. This means that if my project has, for example, a connection to MongoDB, everyone will see the login and password to connect to Mongo (because it will be in some source file).
The only option I can check for storing passwords securely (except to make the project private) is to somehow add them to the environment variables and use the process.env.XXXXXX call in code. This seems to be safe because even though others can view my code, they cannot open a terminal and check what environment variables I have defined.
So, is there a way to add your custom environment variables so that they can be accessed via process.env.XXXXXX inside node code?
When running a project with Cloud9 runners, an Environment popup appears on the right side of the runner toolbar. You can use it to add environment variables the way you want, but don't add the name to the config, as the named configs are automatically saved in .c9/project.settings.
Another solution is to create a file in the directory that is not visible in readOnly mode, e.g.
echo "password" | sudo tee /xxx
You can even edit the file /xxx using vi inside the Cloud9 terminal.
But of course the best solution is to buy a premium subscription and get more private workspaces :)
You can define environment variables in ~/.profile. Files outside the workspace directory /home/ubuntu/workspace are not read-only for users. You can do for example
$ echo "export SECRET=geheim" >> ~/.profile
to define a variable SECRET and then use it through process.env.SECRET from your application. Runners (from the run button) and terminal evaluate ~/.profile and make the environment variable available to your application.
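The approach from the answers above, as an added example that is not code from the original posts: the Node side reads the MongoDB credentials from process.env only, fails if one is missing, percent-encodes them into the URI, and scans the public workspace tree (including .c9/project.settings) for leftover copies of the secret. The variable names MONGO_USER, MONGO_PASSWORD, MONGO_HOST, MONGO_DB and all function names are assumptions.

```javascript
// Added example. Env variable names and helper names are assumptions, not from the page.
const fs = require('fs');
const path = require('path');

const REQUIRED = ['MONGO_USER', 'MONGO_PASSWORD', 'MONGO_HOST', 'MONGO_DB'];

// Build the MongoDB URI from environment variables only; fail closed if any is missing.
function mongoUriFromEnv(env = process.env) {
  const missing = REQUIRED.filter((k) => !env[k]);
  if (missing.length) {
    throw new Error('missing environment variables: ' + missing.join(', '));
  }
  // Credentials may contain '@', ':' or '/', which must be percent-encoded in a URI.
  const user = encodeURIComponent(env.MONGO_USER);
  const pass = encodeURIComponent(env.MONGO_PASSWORD);
  return `mongodb://${user}:${pass}@${env.MONGO_HOST}/${env.MONGO_DB}`;
}

// Same URI with the password masked, so it can be written to logs or error output.
function redactUri(uri) {
  return uri.replace(/\/\/([^:@/]+):[^@]*@/, '//$1:***@');
}

// Walk the workspace (the part read-only visitors can see) and list files
// that still contain one of the secret values verbatim.
function findLeaks(rootDir, secrets) {
  const hits = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      if (entry.name === 'node_modules' || entry.name === '.git') continue;
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) {
        walk(full);
      } else if (entry.isFile()) {
        const text = fs.readFileSync(full, 'utf8');
        if (secrets.some((s) => s && text.includes(s))) {
          hits.push(path.relative(rootDir, full));
        }
      }
    }
  };
  walk(rootDir);
  return hits.sort();
}
```

Running findLeaks over /home/ubuntu/workspace with the current secret values before making a workspace public shows whether a password is still sitting in a source or settings file.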