I am new to and have recently been learning how to build/deploy a MEAN stack application and now wish to deploy to AWS (using EC2). Currently my Node.js API utilises environment variables (process.env) for values such as:

  1. MongoDB URL (for process running on port 27017)
  2. JWT authentication secret
  3. Email and passwords for emailing service
  4. Port to run node

What is the best way to handle these dynamic values when deploying this app to production? I have read that environment variables, whilst more secure than plaintext values, are still insecure in some regard. I am aware of services such as the AWS Parameter Store for secure storage of these values, but wanted to know if there is some general best-practice advice to follow for storing such configuration variables when deploying an app into production for any given deployment option.

Thanks

Stix

1 Answer

AWS Parameter Store is indeed advantageous when compared to storing credentials in config files or environment variables. To learn more about potential issues with those two, you may want to check the answers to this question: https://stackoverflow.com/a/28329996/2579733

AWS Parameter Store would require little configuration since it's a tool within the AWS ecosystem.

Secrets stored in PS are encrypted in transit and at rest.

Basically you'd need an IAM role with ssm:GetParameter and kms:Decrypt permissions which you can assign to your EC2 instance.

Then a basic Node.js implementation can be something like this:

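```javascript
const aws = require('aws-sdk') // AWS SDK for JavaScript v2

// Placeholder: replace with the name of your own parameter.
const PASSWORD_SSM_PATH = '/path/to/password'

// Fetch one parameter from Parameter Store and return its decrypted value.
async function getSecureValue(path) {
    const ssm = new aws.SSM()
    const ssmParams = {
        Name: path,
        WithDecryption: true, // decrypt SecureString values (needs kms:Decrypt)
    }

    const storeResponse = await ssm.getParameter(ssmParams).promise()

    return storeResponse.Parameter.Value
}

// In a CommonJS module, `await` has to run inside an async function.
async function main() {
    const password = await getSecureValue(PASSWORD_SSM_PATH)
    // use `password` here, e.g. to configure the mail client
}

main().catch((err) => { console.error(err.message); process.exit(1) })
```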

Max Ivanov
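An added example, not part of the answer above and not AWS's own code: loading the question's configuration values from Parameter Store once at startup, using only per-parameter `getParameter` calls so the `ssm:GetParameter` and `kms:Decrypt` permissions mentioned in the answer are enough. The parameter names, `loadConfig`, and `fakeSsm` (an offline stand-in for `new aws.SSM()`) are assumptions made for illustration.

```javascript
// Parameter names are assumptions for this example; the page gives none.
const SPEC = {
    mongoUrl: { name: '/myapp/prod/MONGO_URL', secret: true }, // may embed credentials
    jwtSecret: { name: '/myapp/prod/JWT_SECRET', secret: true },
    mailPassword: { name: '/myapp/prod/MAIL_PASSWORD', secret: true },
    port: { name: '/myapp/prod/PORT', secret: false },
}

// `ssm` is anything shaped like the SDK v2 client: getParameter(params).promise()
async function loadConfig(ssm, spec = SPEC) {
    const entries = await Promise.all(Object.entries(spec).map(async ([key, p]) => {
        let res
        try {
            res = await ssm.getParameter({ Name: p.name, WithDecryption: true }).promise()
        } catch (err) {
            // Fail closed at startup; report name and error code, never a value.
            throw new Error(`cannot read ${p.name}: ${err.code || err.message}`)
        }
        const { Type, Value } = res.Parameter
        if (p.secret && Type !== 'SecureString') {
            throw new Error(`${p.name} must be a SecureString, found ${Type}`)
        }
        if (!Value) throw new Error(`${p.name} is empty`)
        return [key, Value]
    }))
    const config = Object.fromEntries(entries)
    // Non-enumerable toJSON keeps secrets out of JSON.stringify and JSON loggers.
    Object.defineProperty(config, 'toJSON', {
        value: () => Object.fromEntries(Object.keys(spec).map(
            k => [k, spec[k].secret ? '[redacted]' : config[k]])),
    })
    return Object.freeze(config)
}

// Constructed offline stand-in for `new aws.SSM()`; `store` maps name -> {Type, Value}.
function fakeSsm(store) {
    return {
        getParameter: ({ Name }) => ({
            promise: async () => {
                if (!(Name in store)) {
                    throw Object.assign(new Error('not found'), { code: 'ParameterNotFound' })
                }
                return { Parameter: { Name, ...store[Name] } }
            },
        }),
    }
}

// On EC2: loadConfig(new (require('aws-sdk').SSM)()) using the instance role.
```

Because the values live in a frozen object rather than in `process.env`, they are not passed on to child processes the application spawns.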