How can I test the dotenv package to ensure it is hiding sensitive data?
Question
The dotenv package is used in Node.js apps to hide sensitive data from the outside world.
Deploying it is simple enough,
npm install dotenv
Setting up a custom directory inside app.js to access a .env file is also straightforward,
require('dotenv').config({ path: path.join(__dirname, '/controllers/.env') });
.env stores data in a simple name/value pattern,
PORT = 5000
PASSWORD = myPassword123
From app.js it is easy to access this data,
console.log(`Listening on Port ${process.env.PORT}`);
Question: How do I know any of this is hiding data from the outside world? What test can I perform with dotenv enabled and disabled to show that it is hiding sensitive data? I'd like to be able to prove it is working.
1 answers
solution1
1 ACCPTED 2019-09-20 17:42:04
The dotenv package is used in Node.js apps to hide sensitive data from the outside world.
No it does not. According to the npm page
Dotenv is a zero-dependency module that loads environment variables from a.env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.
It does not say anything about hiding data.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.