Get and Set Environment Variables in Node.js
One of the best ways to use sensitive information in open source repositories without hard-coding the information within publicly available repositories is setting environment variables. Set the environment variables on the server, retrieve them by key within your application.
When using Node.js, you can retrieve environment variables by key from the process.env object:
var mode = process.env.mode; // 'PRODUCTION', for example
var apiKey = process.env.apiKey; // '38294729347392432'
There are time when you may want to set environment variables while you run your node app -- these are set temporarily while the process is still running. A common case is simulating environment variables during testing. You can temporarily set these variables by pegging items onto the process.env object:
process.env.mode = 'TESTING';
// Now app code knows not to do destructive transactions!
Simple enough but worth documenting for future use!
![fetch API]()
One of the worst kept secrets about AJAX on the web is that the underlying API for it, XMLHttpRequest, wasn't really made for what we've been using it for. We've done well to create elegant APIs around XHR but we know we can do better. Our effort to...
![5 HTML5 APIs You Didn’t Know Existed]()
When you say or read "HTML5", you half expect exotic dancers and unicorns to walk into the room to the tune of "I'm Sexy and I Know It." Can you blame us though? We watched the fundamental APIs stagnate for so long that a basic feature...
![Flexbox Equal Height Columns]()
Flexbox was supposed to be the pot of gold at the long, long rainbow of insufficient CSS layout techniques. And the only disappointment I've experienced with flexbox is that browser vendors took so long to implement it. I can't also claim to have pushed flexbox's limits, but...
![Using Dotter for Form Submissions]()
One of the plugins I'm most proud of is Dotter. Dotter allows you to create the typical "Loading..." text without using animated images. I'm often asked what a sample usage of Dotter would be; form submission create the perfect situation. The following...
I believe it’s more common to use
process.env.NODE_ENVinstead ofprocess.env.modeThis is an interesting problem. What if you are using aws or heroku for hosting? You could have your deployment script setup the keys, but you’d need to prompt each time you create a new instance.
I encrypted the keys in a json file with AES 256 and in my run/deploy script it prompts for a password and decrypts it running the rest of the application with env variables. It’s not perfected yet, but this might be a good way to put it on github.
Are these variables just being set via the command line?
Yep!
I have had great success with json-configurator (https://www.npmjs.com/package/json-configurator). Use it with
process.env.NODE_ENVas a input.require('json-configurator')(configJson, process.env.NODE_ENV ).userEndpoint;