How to safeguard connection variables for a public repo

Recently I ran into a challenge with a repo that I am actively building with. The repo houses the code for my Bedtime Checklist App, a small app I’ve built to aid in guiding distracted children through bedtime in the evenings. If you’ve ever tried getting an overstimulated 5-year-old to bed, you know the challenge.

The repo is currently hosted on GitHub as a private repository. I have been interested in making the repo public so that I can display and share my work. The challenge here is that some files in my repo currently house the values for critical connections, including my database and HTTP authorization.

What I hoped to do was separate those connections out into their own hidden file. Initially I considered a git submodule, which I had used to integrate my custom React Component Library.

However, as I looked into it more I realized a .env file would accomplish my goals. A .env file added to the root of the project allows me to set the values in that file, specific to my current environment. I am then able to remove those connection details from my repo code.

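Then, by adding .env to my .gitignore, I’m able to prevent that file from being committed to the repo. Note that .gitignore only keeps the file out of future commits; values that were committed earlier in other files stay in the repository history even after they are removed from the current code. Adding the npm package dotenv to my app then loads these values from the .env file: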

NODE_ENV=development
PORT=3000
USER=yourChosenUserName
PASSWORD=ass0ciatedPassw0rd

Example contents of a .env file. The variables are then available in my app in the format of process.env.USER.

This allowed for the connections to work on my local development repo. For production the process varied just slightly. My app is hosted on Digital Ocean, and instead of creating a .env file for that environment, I entered the values into the App-level Environment Variables field. DO then makes these variables available to my app, just as if I had defined them in a .env.

Digital Ocean app-level environment variables fields, with values blocked out for security.
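
One way to load and check these four variables at startup, as an added example that is not the author's code or dotenv's implementation. The names parseEnv, mergeEnv and loadConfig and the sample shell environment are hypothetical; the merge follows dotenv's default of leaving already-set variables untouched, which matters for USER because most Unix-like shells already set it.

```javascript
// Added example: not the author's code and not dotenv's implementation.
const REQUIRED = ['NODE_ENV', 'PORT', 'USER', 'PASSWORD'];

// Simplified KEY=VALUE parser (assumption: no multiline values or escapes).
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    if (/^(['"]).*\1$/.test(value)) value = value.slice(1, -1); // drop quotes
    vars[line.slice(0, eq).trim()] = value;
  }
  return vars;
}

// Mirror dotenv's default precedence: a variable that is already set wins.
// Returns the merged environment plus the .env keys that were shadowed.
function mergeEnv(fileVars, existing) {
  const merged = { ...existing };
  const shadowed = [];
  for (const [key, value] of Object.entries(fileVars)) {
    const alreadySet = Object.prototype.hasOwnProperty.call(existing, key);
    if (!alreadySet) merged[key] = value;
    else if (existing[key] !== value) shadowed.push(key);
  }
  return { merged, shadowed };
}

// Fail fast at startup, naming only the keys so no secret reaches the logs.
function loadConfig(env) {
  const missing = REQUIRED.filter((key) => !env[key]);
  if (missing.length) throw new Error('Missing env vars: ' + missing.join(', '));
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('PORT must be an integer from 1 to 65535');
  }
  return { nodeEnv: env.NODE_ENV, port, user: env.USER, password: env.PASSWORD };
}

// Constructed sample input: the .env from the post and a shell that sets USER.
const SAMPLE_DOTENV =
  'NODE_ENV=development\nPORT=3000\nUSER=yourChosenUserName\nPASSWORD=ass0ciatedPassw0rd\n';
const SAMPLE_SHELL_ENV = { USER: 'alice', HOME: '/home/alice' };

const { merged, shadowed } = mergeEnv(parseEnv(SAMPLE_DOTENV), SAMPLE_SHELL_ENV);
console.log('shadowed by the shell:', shadowed);
console.log('user the app would see:', loadConfig(merged).user);
```

Keys that the shell does not already define, for example ones carrying an app-specific prefix, avoid the collision this run reports.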

And that was it! Now I am able to move all sensitive connection details out of my repo, which I will then make public.

Until next time!

