How to hide connection details for mysql database in node.js?

Question

I just began working with mysql in node.js and I am setting up my app.js project and I am trying to hide my connection details such as my ip, username, pw, and db name. I don't know how to go about hiding my connection details, so this is why i'm here.

I have tried to add the details in my .profile, but I keep getting an authentication error. But, when I include these same connection details in my regular app.js file, it works and connects to the database.

Here is what is being displayed in my app.js file:

var connection = mysql.createConnection({
              host     : 'my.ip.address.info',
              user     : 'username',
              password : 'password',
              database : 'databaseName'
            });
console.log('Connected');
connection.connect();

I just want to hide my connection details so that when my site goes live in the future it is secured from prying eyes. I understand that leaving these connection details in my app.js file is not the correct thing to do, so that's why I'm asking for help!

score 3 · Accepted Answer · answered Aug 13 '19 at 03:16

3

You can create a .env file to set environment variables and use the dotenv package to surface them in your process.env.

https://github.com/motdotla/dotenv#readme

Create a file and name it .env and set your variables as such

host=my-ip-address-info,
user=username,
password=password,
database=databaseName

Then you can access them like:

var connection = mysql.createConnection({
          host: process.env.host
          user: process.env.username
          password: process.env.password,
          database: process.env.database
        });

You'll have to start your app with something like

node -r dotenv/config your_script.js

or add the following to the top of your entry script

require('dotenv').config();

I prefer the first method because those environment variables should be set by your host provider so there is no need for the require statement in your code.

answered Aug 13 '19 at 03:16

VtoCorleone

16,813
5
37
51

Thanks, going to try this in a bit, but how does my host provider do this? I am using digital ocean, they don't really provide any support lol Also, I am keeping my mySQL db completely separated from my web server that I am going to be using to create my web app. Thanks! – enyfour5 Aug 13 '19 at 04:37
I don't use DO but here's a quick google search on "digital ocean environment variables" https://www.digitalocean.com/community/tutorials/how-to-read-and-set-environmental-and-shell-variables-on-a-linux-vps. If you're keeping them separate (good idea), then create a `connect` function (or something similar) where you pass the parameters in. – VtoCorleone Aug 13 '19 at 13:46
It seems to be working, but not fully lol I keep getting an error: Error: getaddrinfo ENOTFOUND ip-addr-of-my-db, ip-addr-of-my-db,:3306 at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:56:26) – enyfour5 Aug 14 '19 at 01:11
I have been trying to resolve this issue to no avail, and I'm not sure why it's throwing me this error when I revert the code back to how it was with my connection details exposed, it works, but when I try your method, it throws that error. I can't seem to find a solution :( – enyfour5 Aug 14 '19 at 02:25
Turns out that it didn't need to be changed to mysql.createPool, instead I had to change the connection.connect(); line to connection.connect(function(err) { }); thank you so much for your original answer! so happy!!!! – enyfour5 Aug 15 '19 at 03:27

score 1 · Answer 2 · answered Aug 13 '19 at 03:18

1

I use dotenv.

yarn add dotenv

Create a .env file in the root directory of your project

host=my.ip.address.info
user=username
password=password
database=databaseName

Then from your code

require('dotenv').config();

let host = process.env.host;

Do not commit the .env file to a public repo.

answered Aug 13 '19 at 03:18

rodrigoap

7,405
35
46

It seems to be working, but not fully lol I keep getting an error: Error: getaddrinfo ENOTFOUND ip-addr-of-my-server-db, ip-addr-of-my-server-db,:3306 at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:56:26 – enyfour5 Aug 14 '19 at 15:25
I have been trying to resolve this issue to no avail, and I'm not sure why it's throwing me this error when I revert the code back to how it was with my connection details exposed, it works, but when I try your method, it throws that error. I can't seem to find a solution :( – enyfour5 Aug 14 '19 at 15:26
Check this other post: https://stackoverflow.com/questions/25521755/errorerror-getaddrinfo-enotfound-mysql – rodrigoap Aug 14 '19 at 23:54
yeah, this didn't help, I checked this too. I guess i'm just going to have to expose my connection details because i've spent the last 3 days trying to fix this : / – enyfour5 Aug 15 '19 at 01:11
Ha! So I figured it out, or rather figured out a workaround. I don't know why, but I changed mysql.createConnection(); to mysql.createPool(); – enyfour5 Aug 15 '19 at 03:17
Turns out that it didn't need to be changed to mysql.createPool, instead I had to change the connection.connect(); line to connection.connect(function(err) { }); I don't know why i had to add that but it works now!! – enyfour5 Aug 15 '19 at 03:29
can you use this for client side JS? i.e. you can't use require there. – Brian Wiley Dec 31 '20 at 13:08

How to hide connection details for mysql database in node.js?

2 Answers2