Intro

According to W3Techs’ 2022 survey, 98% of websites use JavaScript for client-side programming. Having JavaScript in your toolbox is a must for web development. The good news is that you can also use JavaScript for server-side programming thanks to NodeJS, created by Ryan Dahl. You can quickly become full-stack with only one programming language.

One key concept to know for good development practices is environment variables. Using environment variables is really easy with NodeJS, as you need just one package: dotenv. The problem is that using environment variables, although a good practice in itself, can lead to other bad practices if environment variable management is lacking.

This is why you need the right tool to make sure your environment variables are in a good place, encrypted, and safely shareable with specific access for your team. With Onboardbase you can handle your environment variable management safely and really easily.

What’s a JavaScript Environment Variable

JavaScript environment variables are configuration values and credentials for the different stages of development or production of your JavaScript project. Environment variables can be API keys, tokens, database credentials, etc. Some of them are called secrets, meaning they should never be written into the code (hardcoded) or be accessible to unverified third parties.

Instead of hardcoding your database credentials, you might, for example, have a .env file in which you put your admin username, password and cluster for MongoDB, like so:

DATABASE_ADMIN="adminUserName"
DATABASE_PASSWORD="greatPassWord!IsNtIt?"
DATABASE_CLUSTER="clusterName"

Those are environment variables. As you can see, you definitely do not want these credentials to be shared, especially passwords.

Why Use Environment Variables: 3 Reasons

Let us give you three reasons to use environment variables.

1 - Prevent hardcoding secrets.

Hardcoding secrets is a bad practice that can lead to leaking your secrets to the world, as happened recently to Toyota. It is bad for your company’s image and for you as a professional developer.

2 - Keep track of the growing number of secrets.

With all the external services needed for your project to be developed and go to production, it can quickly become a nightmare if you don’t centralize all your secrets in a .env file.

3 - Environment variables are easy to use with NodeJS.

You absolutely want to prevent a hardcoded secret from ending up on your remote repository. The good thing is that environment variables are easy to use thanks to NodeJS. All you have to do is install the “dotenv” package with npm. Then you’ll be able to set up your .env file and load your development environment variables. After that, add your .env files to the .gitignore file so you don’t push them to your remote repository.
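As an added example (not code from the original article), here is one way to consume the three database variables from the .env file shown earlier once dotenv has loaded them into process.env. The function names and the MongoDB host suffix are assumptions made for illustration, and the sample values are constructed from the article's own .env snippet.

```javascript
// Added example, not the article's own code.
// In a real project, call require('dotenv').config() once at startup so the
// values in .env are copied into process.env before this code runs.
const REQUIRED = ['DATABASE_ADMIN', 'DATABASE_PASSWORD', 'DATABASE_CLUSTER'];

// Read the database settings from an environment object (process.env by default).
// Fails fast and names the missing variables, never their values.
function loadDatabaseConfig(env = process.env) {
  const missing = REQUIRED.filter((name) => !env[name] || env[name].trim() === '');
  if (missing.length > 0) {
    throw new Error(`Missing environment variables: ${missing.join(', ')}`);
  }
  return {
    admin: env.DATABASE_ADMIN,
    password: env.DATABASE_PASSWORD,
    cluster: env.DATABASE_CLUSTER,
  };
}

// Build a MongoDB connection string. Credentials are percent-encoded because
// characters such as "?" or "@" in a password would otherwise be read as URI syntax.
// The host suffix "example.mongodb.net" is a placeholder (assumption).
function buildMongoUri({ admin, password, cluster }) {
  const user = encodeURIComponent(admin);
  const pass = encodeURIComponent(password);
  return `mongodb+srv://${user}:${pass}@${cluster}.example.mongodb.net/`;
}

// Return a copy that is safe to log: the password is replaced by a fixed marker.
function redactConfig(config) {
  return { ...config, password: '[REDACTED]' };
}

// Constructed sample input mirroring the .env file shown in the article.
const sampleEnv = {
  DATABASE_ADMIN: 'adminUserName',
  DATABASE_PASSWORD: 'greatPassWord!IsNtIt?',
  DATABASE_CLUSTER: 'clusterName',
};
const config = loadDatabaseConfig(sampleEnv);
console.log(redactConfig(config));
```

The "?" at the end of the sample password is the kind of character that breaks a connection string when it is interpolated without encoding.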

How To Use Environment Variables In JavaScript / NodeJS

For most developers, adding .env files to .gitignore is the most basic practice concerning environment variables. We claim that it is insufficient secrets management for these four reasons: