Handling token secrets
Margaret W.N
Posted on August 18, 2020
How do I safely store a token secret?
Most of the resources I've come across talk of adding it to a .env file. However, there is a whole other bunch of resources that discredit the use of a .env file to store token secrets.
Since I'm simply learning, I'll use .env before I find a better alternative for that. I previously had my token secret stored in a config.js file, which doesn't exactly make it a secret. I'll save that to a .env file and try and use it.
SECRET=ed5a2131834e4e0dd1fb7b9d1d0a1db71802a13a02011b19a98152b7988ad9215613c064a0ded303c39ab328b6181494
I'll npm install dotenv, include it in the user controller.js file and save the token secret to a variable. Then replace the config.secret with the variable name.
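// Load the variables from .env into process.env
require('dotenv').config();
const jwt = require('jsonwebtoken'); // assumed: the package behind jwt.sign
const secret = process.env.SECRET;
// Inside the controller, where `user` is available; expiresIn is in seconds (24 hours)
const token = jwt.sign({ id: user._id }, secret, {
  expiresIn: 86400
});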
I suppose it's safe now, for as long as it's in development.
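As an added example (not part of the original post), the sketch below checks the secret once at startup so that a missing or weak `SECRET` is caught before any token is signed. The helper names, the 32-byte minimum applied here, and the sample values are assumptions made for illustration.

```javascript
// Added example: validate the token secret once at startup, before any jwt.sign call.
// loadTokenSecret, estimateSecretBytes and the sample values are hypothetical names/data.

const MIN_SECRET_BYTES = 32; // HS256 needs a key of at least 256 bits (RFC 7518, section 3.2)

function estimateSecretBytes(value) {
  // A pure-hex string carries at most half a byte of randomness per character,
  // so count it as its decoded length; anything else is counted as UTF-8 bytes.
  const isHex = /^[0-9a-f]+$/i.test(value) && value.length % 2 === 0;
  return isHex ? value.length / 2 : Buffer.byteLength(value, 'utf8');
}

function loadTokenSecret(env = process.env, name = 'SECRET') {
  const raw = env[name];
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error(`${name} is not set; refusing to start`);
  }
  const value = raw.trim();
  const bytes = estimateSecretBytes(value);
  if (bytes < MIN_SECRET_BYTES) {
    // Report the size only, never the value itself.
    throw new Error(`${name} is too short: about ${bytes} bytes, need ${MIN_SECRET_BYTES}`);
  }
  if (new Set(value).size < 8) {
    throw new Error(`${name} looks like a placeholder (too few distinct characters)`);
  }
  return value;
}

// Constructed sample environments; none of these values is a real secret.
const SAMPLE_GOOD = { SECRET: '0123456789abcdef'.repeat(4) }; // 64 hex chars = 32 bytes
const SAMPLE_SHORT = { SECRET: 'changeme' };
const SAMPLE_FILLER = { SECRET: 'a'.repeat(64) };

function check(env) {
  try {
    loadTokenSecret(env);
    return 'ok';
  } catch (err) {
    return err.message;
  }
}

console.log(check(SAMPLE_GOOD));   // passes the sanity checks
console.log(check(SAMPLE_SHORT));  // rejected: too short
console.log(check(SAMPLE_FILLER)); // rejected: one repeated character
console.log(check({}));            // rejected: variable missing
```

These are sanity checks, not an entropy measurement: they catch an unset variable or a leftover placeholder, not a predictable value of sufficient length.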
Day 33