NodeJS encrypted connection string to Postgres

Question

I am learning NodeJS by building a JWT server. Basically I want to authorize users against credentials in a PostgreSQL database. I am considering node-postgres, passport, pg to connect with PostgreSQL but I have not found anyway to store my connection values encrypted. Ideally I would store them in a properties file so I can change them per environment.

Most examples I see do something like:

var pg = require('pg');
var conString = "postgres://YourUserName:YourPassword@localhost:5432/YourDatabase";

Can someone help show me how to encrypt and use my credentials so I don't have to hard code the plain values in my source?

Appreciate this is an old answer; mostly writing this for posterity. Putting credentials in source code like this is usually a bad idea, often a very bad one. Pulling them in from the deployment environment gives you more granular access control and operational flexibility. — Richard Marr, May 16 '17 at 13:45

score 2 · Answer 1 · edited May 23 '17 at 12:10

2

There seem to exist npm packages for this already. See https://www.npmjs.com/package/secure-conf. Seems to fulfill your needs.

Please note, that you should also secure your Connection to the DB using SSL. See SSL for PostgreSQL connection nodejs for a Solution.

edited May 23 '17 at 12:10

Community

1
1

answered Jan 14 '17 at 22:27

triplem

1,324
13
26

Thank you for the quick and awesome answer - will start on that now! – sonoerin Jan 14 '17 at 22:32

score 0 · Answer 2 · answered Sep 16 '17 at 20:14

This should help.

if you use sequelize to connect postgres

const sequelize = new Sequelize("DB", usrname, password, { host: "/var/run/postgresql", dialect: "postgres", });

NB: get the host string from your pgsl db might be different //

NodeJS encrypted connection string to Postgres

2 Answers2