2

In my front end application, I'm storing sensitive information in the environment and using them as following:

const client_secret = process.env.CLIENT_SECRET;

On local development, I use dotenv package to pass in the values in .env file

CLIENT_SECRET=XXXXX

The .env file is not committed.

I use CircleCI for my deployment process, and saved the CLIENT_SECRET value in CircleCI environment variables, but how can I pass into the application?

This is my CircleCI config.yml:

      - deploy:
          name: Deploy
          command: |
            ENVIRONMENT=${ENVIRONMENT:=test}
            VERSION=`date "+%Y-%m-%dt%H%M"`
            if [ "${ENVIRONMENT}" = "production" ]; then
                APP_FILE=app-prod.yaml
            else
                APP_FILE=app.yaml
            fi
            gcloud app deploy ${APP_FILE} --quiet --version ${VERSION}

I can do this in app.yaml:

env_variables:
  NODE_ENV: 'production'
  CLIENT_SECRET: XXXXX

But I don't want to include the sensitive information into the .yaml file and commit them. Does anyone know any way I can pass environment values into the application?

I'm using Google Cloud Platform, and gcloud app deploy command doesn't seem to have a flag to include the environment variables.

Jee Mok
  • 6,157
  • 8
  • 47
  • 80

2 Answers2

0

Using bash script to create a .env file with environment variables manually

app.yaml.sh

#!/bin/bash
echo """
env: flex
runtime: nodejs
resources:
  memory_gb: 4.0
  disk_size_gb: 10
manual_scaling:
  instances: 1
env_variables:
  NODE_ENV: 'test'
  CLIENT_SECRET: \"$CLIENT_SECRET\"
"""

config.yml

    steps:
      - checkout
      - run:
          name: chmod permissions
          command: chmod -R 755 ./
      - run:
          name: Copy across app.yaml config
          command: ./app.yaml.sh > ./app.yaml
      - deploy:
          name: Deploy
          command: |
            VERSION=`date "+%Y-%m-%dt%H%M"`
            gcloud app deploy app.yaml --quiet --version ${VERSION}
Jee Mok
  • 6,157
  • 8
  • 47
  • 80
0

Reading about it, it's indeed, as you mentioned, that the only "official" way to set environment variables, it's by setting them in the app.yaml - this article provides more information on it. Considering that, I went to search further and I have found this good question from the Community - accessible here - where some workarounds are provided.

For example, the one that you mentioned, about creating a second file with the values and call it in the app.yaml is a good one. You can them use the .gitignore for the file not exist in the repository - in case you are using one. Another option would be to use Cloud Datastore to store the information and use it in your application. This way, Datastore would keep this information secured and accessible for your application, without becoming public within your App Engine configuration.

I just thought a good idea of adding this information here, with the article and question included, in case you want more information! :)

Let me know if the information helped you!

gso_gabriel
  • 4,199
  • 1
  • 10
  • 22
  • Thanks for the research! Datastore seems like a proper/correct way to do this kind of job, and this seems like the way for NodeJS to retrieve entity from the datastore: https://stackoverflow.com/questions/55197844/get-google-datastore-entity-using-nodejs – Jee Mok Apr 07 '20 at 08:49
  • 1
    That's great! Thanks for confirming and appreciate you providing this other link from the Community! – gso_gabriel Apr 07 '20 at 10:08