Where should I store my secret keys for my Node.js app?
I am really struggling as to how I should hide my keys.
The two keys I need to hide are secrets.crypto and secrets.jwt... I plan on hosting my application on AWS using Elastic Beanstalk.
Also I am not sure where I would put my keys for access to things like my Dynamodb and my S3 bucket.
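
    // Assumed imports (not shown in the question): lodash or underscore for _, crypto-js, jsonwebtoken.
    const _ = require('lodash');
    const cryptojs = require('crypto-js');
    const jwt = require('jsonwebtoken');
    // `secrets` must provide secrets.crypto and secrets.jwt; where to keep them is the question.

    exports.generateToken = (type, user) => {
      if (!_.isString(type)) {
        return undefined;
      }
      try {
        // Turn the JSON object of the current user's id and the type of token into a string
        var stringData = JSON.stringify({
          _id: user._id,
          type: type
        });
        // Take the JSON string and encrypt it with a secret, then turn it back into a string
        var encryptedData = cryptojs.AES.encrypt(stringData, secrets.crypto).toString();
        // Take the encryptedData and turn it into a token with a secret
        var token = jwt.sign({
          token: encryptedData
        }, secrets.jwt);
        return token;
      } catch (e) {
        return undefined;
      }
    };
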
In Elastic Beanstalk I believe the preferred way to store keys like this is via environment variables. You can use the command

    eb setenv key=value

to set an environment variable. More information about this here.

For accessing the AWS API, which you mention in regards to accessing DynamoDB and S3, you would not use keys at all. For this you would assign an IAM instance profile to the EC2 servers created by Elastic Beanstalk. This is documented here.
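
An added example, not part of the original answers: one way the app could read the two secrets from the environment variables set with `eb setenv`, failing at startup if one is missing and keeping the values out of logs. The variable names `JWT_SECRET` and `CRYPTO_SECRET`, the 32-character minimum and the `loadSecrets` helper are assumptions; no AWS keys appear because the instance profile supplies those credentials.

```javascript
// Variable names assumed for this example; set them with:
//   eb setenv JWT_SECRET=... CRYPTO_SECRET=...
const REQUIRED = { jwt: 'JWT_SECRET', crypto: 'CRYPTO_SECRET' };
const MIN_LENGTH = 32; // assumed policy: reject empty, short or placeholder values

// Build the `secrets` object (secrets.jwt, secrets.crypto) from an environment map.
function loadSecrets(env) {
  const secrets = {};
  const problems = [];
  for (const [name, variable] of Object.entries(REQUIRED)) {
    const value = env[variable];
    if (typeof value !== 'string' || value.length === 0) {
      problems.push(`${variable} is not set`);
    } else if (value.length < MIN_LENGTH) {
      problems.push(`${variable} is shorter than ${MIN_LENGTH} characters`);
    } else {
      // Non-enumerable: JSON.stringify(secrets) and console.log(secrets) show no values.
      Object.defineProperty(secrets, name, { value, enumerable: false });
    }
  }
  if (problems.length > 0) {
    // Fail at startup and report variable names only, never the values.
    throw new Error(`Refusing to start: ${problems.join('; ')}`);
  }
  return Object.freeze(secrets);
}

// Constructed sample environment, standing in for process.env on the instance.
const sampleEnv = {
  JWT_SECRET: 'constructed-sample-jwt-secret-0123456789abcdef',
  CRYPTO_SECRET: 'constructed-sample-crypto-secret-0123456789abcdef',
};
const demoSecrets = loadSecrets(sampleEnv); // in the app: loadSecrets(process.env)
console.log(JSON.stringify(demoSecrets), demoSecrets.jwt.length);
```
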

Create a configuration file for all the environments, like development and production, add all the secret keys in it, and use them anywhere you want.
config.json file

    {
      "development": {
        "Secret1": "Your Secret Here",
        "Secret2": "Your Secret Here",
        "db": {}
      },
      "production": {
        "Secret1": "Your Secret Here",
        "Secret2": "Your Secret Here",
        "db": {}
      }
    }

    // JSON cannot hold comments, so "db" is left empty above; put each environment's database settings there.
    var env = process.env.NODE_ENV || 'development';
    var config = require('./config.json')[env];
    config.Secret1;