9

This would be very useful for storing API keys or other sensitive information. From what I understand, you can use config files locally but they won't work on meteor.com, but I heard a rumor that environment variables were soon to be supported, or are already as of a recent release, but I can't find any examples.

Can someone provide an example of how to retrieve a value from an environment variable or some other safe location?

Samo
  • 8,202
  • 13
  • 58
  • 95
  • Hi, what's wrong with an object literal storing this information? Do you have concerns about the secureness in the client? Everything you use inside the client will be visible there. You can try to hide it, of course... – Andreas Sep 28 '12 at 19:36
  • No, my concern is with exposing information on github, as the repo is public. – Samo Oct 03 '12 at 05:30

3 Answers3

4

You can actually access the process object to retrieve environment variables in Meteor. In essence, just do the same as in this solution

Community
  • 1
  • 1
Aaron
  • 2,185
  • 14
  • 14
  • Thanks, but how would I set these variables on meteor.com for use in my deployed code? This will work fine temporarily while I'm still in development, but when I decide to deploy... – Samo Oct 19 '12 at 17:56
  • Right, it won't work when deploying to Meteor's servers. But if you deploy to your own server it will work just fine. Sorry, I didn't read closely enough to see that you were only concerned with environment variables on meteor.com. – Aaron Oct 23 '12 at 07:07
3

After some thought, storing them all in a .js file inside an object literal, adding that file to the .gitignore, and checking in a corresponding .js.sample file with dummy or blank values would do the trick.

Samo
  • 8,202
  • 13
  • 58
  • 95
3

There's a much better way to handle environment variables. If you come from Ruby on Rails you're used to setting your environment variables in your .ENV file or in your config/application.yml file.

Meteor handles environment variables in a similar way.

Create settings.json file

Inside your server folder in your project, create a file and name it settings.json. Add this file to your gitignore file.

Inside this JSON file, you can save any environment variables you need.

{
  "facebookAppId": "6666667527666666",
  "facebookAppSecret": "00004b20dd845637777321cd3c750000",
  "amazonS3Bucket": "bucket-name"
}

Loading the environment variables

To use these values inside your app during runtime, start Meteor with a --settings option flag.

$ meteor run --settings server/settings.json

Use the values

To use the values, just call the Meteor.settings object.

ServiceConfiguration.configurations.upsert(
  { service: "facebook" },
  {
    $set: {
      appId: Meteor.settings.facebookAppId, 
      secret: Meteor.settings.facebookAppSecret
    }
  }
);

That's all there is to it! Keep your settings safe, and do not commit your keys.

Sergio Tapia
  • 9,173
  • 12
  • 35
  • 59
  • 2
    It's worth mention that you will only see `Meteor.settings` object on the Client only if the corresponding keys are wrapped into `"public":` key. – avalanche1 Jul 30 '15 at 10:53