Answering your question, yes, it is possible. The Node.js documentation says this:
"The process.env property returns an object containing the user environment. It is possible to modify this object, but such modifications will not be reflected outside the Node.js process."
See the doc here: https://nodejs.org/api/process.html#process_process_env
The idea is to put the environment variables in a separate file, precisely to keep them away from any vulnerability that your app could have, which could let unauthorized third parties get those variables. I think you can do it, but it is not a good practice. If it's not avoidable, you should save them encrypted and only recoverable using a specific key provided by the user.
For example, AWS creates a public/private key pair to manage access to EC2 virtual machine instances. They encrypt the passwords to those instances using the public key, and the user can only recover that password by providing a private key (.PEM).
See it here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html