0

I uploaded my repo and it has a database string named 'dbstring' which I do not want to share with anyone. I created a repository secret on GitHub and created a value named DBSTRING with its value, but the thing is I don't know how to access it.

This is my uploaded code, which reveals my dbstring.

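const mongoose = require('mongoose');

// Hardcoded connection string: this is the value that ends up in the repository.
const dbstring = 'mongodb+srv:/***********b.net';

mongoose.connect(dbstring, { useUnifiedTopology: true, useNewUrlParser: true });

const db = mongoose.connection;

db.once('open', () => {
  // Log the host only, never the full connection string (it carries the credentials).
  console.log('Database connected:', db.host);
});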

How can I replace dbstring with the secret value I created on my GitHub repo?

Matt
Samilo

2 Answers

0

What you need to do is to use environment variables, where you can have a .env (if you use dotenv) for each environment. Then you keep your database credentials safe on your computer and on the server; this will also make it possible to target different environments like database production, dev, test, etc. Make sure you have the .env file added in the .gitignore file.

It's also important that when you run this code it's executed on the server side, otherwise anyone with the dev tools open will be able to see the credentials as well. Then on your client side you make a request using axios to the URL related to that database connection.

halfer
gugateider
  • My app does not work if I put it in env and gitignore, cuz it needs to load my database from that variable and when I ignore it, it won't work. I mean, what if the variable I want to hide is necessary to run? – Samilo Mar 12 '22 at 17:07
  • You'd still have the .env files on your repo, but the one with your secret values will always be on your computer while you can just have a modified version on the git repo – gugateider Mar 13 '22 at 15:02
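
The environment-variable approach from the answer above, as an added example that is not part of the original thread. It assumes the app runs in a GitHub Actions step that maps the repository secret into the process environment (or, locally, that DBSTRING comes from an untracked .env file); `loadDbString`, `redact`, `connect` and the sample URI are hypothetical names and values made up for illustration.

```javascript
// Added example. Assumes the workflow step exposes the repository secret to
// the Node process, e.g. in the workflow YAML:
//   env:
//     DBSTRING: ${{ secrets.DBSTRING }}
// Locally, DBSTRING would come from an untracked .env file (for example via dotenv).

// Read the connection string from the environment and fail fast if it is absent.
function loadDbString(env = process.env) {
  const value = (env.DBSTRING || '').trim();
  if (!value) {
    throw new Error('DBSTRING is not set; refusing to start without it');
  }
  if (!/^mongodb(\+srv)?:\/\//.test(value)) {
    // The value is deliberately not echoed: it may contain credentials.
    throw new Error('DBSTRING is set but is not a mongodb:// or mongodb+srv:// URI');
  }
  return value;
}

// Return a form of the URI that is safe to log: credentials masked, query dropped.
function redact(uri) {
  try {
    const u = new URL(uri);
    const auth = u.username || u.password ? '***:***@' : '';
    return `${u.protocol}//${auth}${u.host}${u.pathname}`;
  } catch {
    // Multi-host URIs do not parse with URL; log nothing rather than risk a leak.
    return '<unparseable mongodb URI>';
  }
}

// `mongoose` is passed in so this file has no hard dependency on the package.
async function connect(mongoose, env = process.env) {
  const dbstring = loadDbString(env);
  await mongoose.connect(dbstring);
  return redact(dbstring); // safe to pass to console.log
}

// Constructed sample value, not a real cluster or credential.
const SAMPLE_ENV = {
  DBSTRING: 'mongodb+srv://appuser:s3cret@cluster0.example.mongodb.net/app?retryWrites=true',
};
```

A repository secret is only visible to workflow runs, so a process started outside GitHub Actions still needs DBSTRING supplied by its own environment.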
0

If the ENV file works for you, then what you can do is encrypt it before uploading it to GitHub, like creating an env-production file and encrypting it, and once you use that repo you can decrypt it. You can also add that step to your CD/CI line; use this

jay