Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
With yarn:
yarn add envdotjs
Or with npm:
npm install --save envdotjs
Add an env.js
file to the root of your project:
module.exports = {
SOME_VARIABLE: '123'
}
Then as early as possible in your application:
require('envdotjs').load()
envdotjs will attempt to load an encrypted file (env.js.enc
) first. If it's not found it will then load env.js
. Encryption is obviously preferable if you want to keep your environment variables in source control. See below for information on encryption.
If you want to encrypt your variables, you first need to set a key. There are 3 ways to do this.
Create a env.js.key
file in the root of your project containing whatever key you want to use. envdotjs will automatically find this file and use it to encrypt and unencrypt the contents of your env.js
file. Make sure you don't check this file or your env.js
file into source control.
You can also set a variable in the environment called ENVDOTJS_KEY
with the value of your key. If you also have a env.js.key
file and the environment variable set, the environment variable will get used.
If you need more control over where the key is, you can also set it in the options during the load:
require('envdotjs').load({
key: 'some-secure-key'
})
key
: Sets encryption key. Defaults to process.env.ENVDOTJS_KEY, then contents of env.js.key.path
: Path to your encrypted or unencrypted environment file. Defaults to env.js.enc, then env.js.strict
: Set to true if you want endotjs to throw an error if something goes wrong. By default, it will just log a warning to the console.
You can encrypt files using the node module itself, but it's more convenient to use the CLI.
npm install --global envdotjs
envdotjs encrypt
This will encrypt your env.js
file using the key that's location in your env.js.key
file. For more advanced usage, check for options with envdotjs --help
- Encrypt your
env.js
file any time it changes. This will ensure your development environment matches your deploys. - Never commit
env.js
orenv.js.key
files to source control