Introduction: Environment variables are very useful for storing sensitive information in Node.js. This tutorial shows how to use environment variables in a secure way.
Environment variables are global variables that are available under the env object of the global process object in Node.js.
The operating system also has a set of environment variables that provide useful information globally.
The printenv command shows all Unix OS environment variables.
Many hosting providers have built-in support for setting environment variables right from the dashboard. This makes application management easier because we can update any ports or expired API keys directly without touching the code.
What are Environment variables in Node.js?
Environment variables are pieces of information which are loaded into the process object for further use.
We can directly console.log(process.env) in the Node.js REPL or in a Node.js file to see all environment variables.
Whenever the Node.js process starts, it automatically adds environment variables in env object of global
The environment variables are generally stored in a .env file in the form of
When the application is initialized, these variables are loaded into process.env for global use in the application. We can access these variables from any application file.
Why use env file or environment variables with Node.js?
Env files store the environment variables. It is NEVER recommended to hard code sensitive information like API keys.
Suppose you created a TODO application that stores data in MongoDB and hardcoded the connection string (which must be kept as secure as passwords). Now you publicly shared the code on GitHub. Anyone who views your code can get the database connection string and abuse the resources.
Environment variables come to the rescue in this case. We create a .env file, store the connection string in variables, and exclude them from public sharing.
Environment variables in a .env file are a bit more secure (a controversial topic) than hard coding. They are destroyed when the application terminates.
They also provide a single source to store sensitive information which we can use globally in our application.
Some people prefer to use a config file for this purpose, but then we need to manually import it in every file that uses it. It also removes the advantage of managing environment variables from the dashboard.
Node.js Environment Variables Configuration
From command line
Prefix the Node.js start command with environment variables in the format name="value" to set environment variables during application start.
PORT=3000 node app.js
It will store the key PORT with the value 3000 as a pair in the env object of the global process object in Node.js. To verify this, we can console log the PORT variable from the app.js file.
The problem with this approach is that we need to manually pass all variables every time we start the application. If we forget to pass a specific variable, it will make our application inconsistent.
Using .env file
This is the most common and recommended way of using environment variables in Node.js.
The process is very simple. We need to install dotenv from npm and use it in the app.js index file.
npm i dotenv
Now we can create a .env file in the main directory of the application, where package.json and node_modules reside.
The format of environment variables in .env files is name=value per line.
PORT = 3000
DB_CONN_STRING = [email protected]
SENDGRID_API = fgdigydf78gyi5r80943758734fgrf67347
Note that files starting with . are hidden in UNIX-based operating systems. You need to enable "show hidden files" to view
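The problem noted above, a forgotten variable leaving the application inconsistent, can be caught once at startup. The following is an added example, not code from the original tutorial: loadConfig, redact, REQUIRED and SECRET are hypothetical names, the variable names are those of the sample .env file above, and the values are constructed placeholders.

```javascript
// Added example: validate configuration once at startup and never log secret values.
// loadConfig, redact, REQUIRED and SECRET are hypothetical names; the variable names
// come from the sample .env file in this tutorial.
const REQUIRED = ['PORT', 'DB_CONN_STRING', 'SENDGRID_API'];
const SECRET = new Set(['DB_CONN_STRING', 'SENDGRID_API']);

function loadConfig(env = process.env) {
  // Unset and empty/whitespace-only values are both treated as misconfiguration.
  const missing = REQUIRED.filter((name) => !env[name] || env[name].trim() === '');
  if (missing.length > 0) {
    // Report names only; a value must never end up in an error message or log.
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
  }
  // Everything in process.env is a string, so PORT is parsed and range-checked.
  const raw = env.PORT.trim();
  const port = Number(raw);
  if (!/^\d+$/.test(raw) || port < 1 || port > 65535) {
    throw new Error('PORT must be an integer between 1 and 65535');
  }
  // Frozen so no module can silently change configuration at runtime.
  return Object.freeze({
    port,
    dbConnString: env.DB_CONN_STRING,
    sendgridApiKey: env.SENDGRID_API,
  });
}

// Safer than console.log(process.env): only known names, secret values masked.
function redact(env = process.env) {
  const out = {};
  for (const name of REQUIRED) {
    if (env[name] === undefined) out[name] = '<unset>';
    else out[name] = SECRET.has(name) ? '<redacted>' : env[name];
  }
  return out;
}

// Constructed sample environment (placeholder values, not real credentials).
const sampleEnv = {
  PORT: '3000',
  DB_CONN_STRING: 'mongodb://user:placeholder@db.example.invalid/todo',
  SENDGRID_API: 'SG.placeholder-key',
};
console.log(loadConfig(sampleEnv).port);
console.log(redact(sampleEnv));
```

In a real application, loadConfig() would be called with no argument right after dotenv has populated process.env, so a missing variable stops the process before it serves any request.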
Directly (Not Recommended)
It is also possible to set environment variables at runtime, but I don't know why you would do that.
It is never recommended to set environment variables in this way.
process.env.PORT = 3000
console.log(process.env.PORT)
That covers environment variables in Node.js. To summarize, environment variables are a better way to store sensitive information in one place.
We can easily exclude them while sharing the application and tell users to create their own .env files with their own specific data like API keys.
Several web hosts provide a way to set environment variables directly from the dashboard.
Here are some common items which we generally store in
- API keys
- PORT information to run the application
- Database connection strings
- Important usernames and passwords