
Why do I need to hide API keys/environment variables for my server?

I'm asking this question in the context of a MERN stack app, but I'm sure it's applicable generally as well.

Why must we hide our API keys for databases and other services in our server? If we must abstract them from the code using dotenv or other mechanisms, does this mean that users have a way of looking at our code? Doesn't this mean that users will be able to see our server-side business logic?

I'm very confused about this. :(

One important advantage for developers is that it makes deploying code to different environments easy. When you hardcode those values, it means you need to change the code when running it locally, in a dev environment, or in a production environment.

The API keys/environment variables usually contain some sensitive information, for example a token secret, DB connection info, etc. If you put them into version control directly, that sensitive data may leak to unwanted parties.

Also, by abstracting those variables, we can configure them more easily when we build and run the project. For example, if we want to start up multiple servers using the same code base, but we want each of them to connect to different instances of MongoDB, we can just configure the environment variables instead of making changes to the code base.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM