Basic setup of mongodb with env variable

Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist
3 Views
PHP, JS, CSS, Python, and Machine Learning Technology

Applications that rely on third-party sources for data will at some point need to include things like OAuth tokens, SSH keys, or API credentials. This becomes an issue when the code for the application gets pushed up to a public facing source control like GitHub. Once the code is up there it is accessible to anyone that sees it. And so are your keys.

You could add all of the files with sensitive information to your .gitignore file? You could, but then this would prevent all needed files from getting into source control. And anyone wanting to help write the code wouldn’t have a complete version.

One solution for this is to use environment variables. These are local variables that are made available to an application. Creating these variables is made easy with a tool like dotenv. This module loads environment variables from a .env file that you create and adds them to the process.env object that is made available to the application.

Next add the following line to your app.js or server.js or bin/www – whichever is the entry file to your app.

require('dotenv').config()

create a .env file at the root directory of your application and add the variables to it.

MONGO_DB=mongodb://localhost:27017/ap-port-login

Most importantly – add .env to your ‘.gitignore’ file so that Git ignores it and it never ends up on GitHub. You can add any keys you want to this file.

Only drawback – I need to put this li ( require(‘dotenv’).config() ) in every single file where I want to use environment variables AND I have to deploy the dotenv to production where I don’t actually need it.

Then in my config/config.js – where I am initiating the mongodb connection

'use strict'

const mongoose = require('mongoose');

module.exports = {
    'database': process.env.MONGO_DB,

    // connect function to create a mongoDB connection
    'connectDB' : function () {
        mongoose.connect(this.database)
    },
}
// on mongo connection open event print a console statement
mongoose.connection.on('open', function () {
    console.log('Connected to Database (MongoDB) ');
})

And in my ./app.js

config.connectDB()

Some other examples of the use case of .env file

//contents of .env
SECRET_KEY=abcd1234
const port = 5000

// in my app.js

const express = require('express');
const app = express();
const port = process.env.PORT || 3000;
require('dotenv').config();
app.get('/', (req, res) => {
    res.send(process.env.SECRET_KEY);
})
app.listen(port, () => {
    console.log(`Server is running on port ${port}.`)
})

You Might Also Like This :

  1. How GridFS works and why we would need this Mongodb provides us with a very efficient way to store files directly in db rather than in file system. So basically what this means is, suppose you need to store an image file or an audio or video file you can directly store that in mongodb itself. However, MongoDB is a NoSQL document-database, meaning it […]...
  2. Collection The Collection is group of Documents in MongoDB. In RDBMS, this can be considered as a table which will have list records (documents in MongoDB). What is a Document? The Document is a set of key-value pairs. In RDBMS, each record in a table is equivalent to document in MongoDB. Documents will have a dynamic […]...
  3. Setup nginx_apache reverse proxy With the nginx_apache reverse proxy, static files are served by Nginx and PHP files are processed by Apache, thus overall performance is improved. And yes, the setup is fully compatible with .htaccess files. In general, the schema is: A new connection arrives and Nginx handles it. If it is for a static file (not a […]...
  4. Session Variable Overloading Session Variable Overloading (also known as Session Puzzling) is an application level vulnerability which can enable an attacker to perform a variety of malicious actions not limited to: Bypass efficient authentication enforcement mechanisms, and impersonate legitimate users. Elevate the privileges of a malicious user account, in an environment that would otherwise be considered foolproof. Skip […]...
  5. Aggregation in MongoDB Aggregation in MongoDB is nothing but an operation used to process the data that returns the computed results. Aggregation basically groups the data from multiple documents and operates in many ways on those grouped data in order to return one combined result. Aggregation process documents and return computed results. Aggregation operations group values from multiple […]...
  6. MongoDB Database Features MongoDB is a non-relational document database that provides support for JSON-like storage. The MongoDB database has a flexible data model that enables you to store unstructured data, and it provides full indexing support, and replication with rich and intuitive APIs. AWS enables you to set up the infrastructure to support MongoDB database deployments in a […]...
  7. How to Edit wp-config.php File in WordPress (Step-by-Step Guide) In the world of WordPress, the wp-config.php file is like the brain of your website. It holds vital information and settings that make your site run smoothly. Editing this file may sound intimidating, but fear not! In this step-by-step guide, we will walk you through everything you need to know about editing the wp-config.php file […]...
  8. Design-UX-CSS and Question on MongoDB Round 1 (Technical F2F): The interviewer started by asking about my current project and asked me to explain the architecture. I answered by explaining her the complete architecture on the white board. Then she asked how much would I rate myself in DS & Algo on a scale of 1-10. Then she asked the following […]...
  9. Comments PHP- Include/Include_once, Require/Require_once Comments PHP is usually written within the block of PHP code to explain the functionality of the code. It will help you and others in the future to understand what you were trying to do with the PHP code. Comments are not displayed in the output, they are ignored by the PHP engine. A comment […]...
  10. How to Install and Setup Google Tag Manager in WordPress Google Tag Manager is a powerful tool that allows website owners to easily manage and deploy various tracking codes and tags on their website without needing to edit the website’s code. In this step-by-step guide, we will walk you through the process of installing and setting up Google Tag Manager in WordPress. By the end […]...
  11. WordPress Security Keys In the digital world, your website’s security is paramount. One essential aspect of safeguarding your WordPress site is understanding and utilizing security keys. In this guide, we’ll break down the What, Why, and Hows of WordPress security keys in plain English. We’ll also sprinkle in some SEO-optimized sentences to boost your article’s visibility on search […]...
  12. Password Plaintext Storage Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an application’s properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort […]...
  13. Function of index.php File In web development, an “index.php” file typically serves as the entry point for a PHP-based web application or website. The primary function of an “index.php” file is to handle incoming HTTP requests and generate dynamic web pages or content based on those requests. Here are some common functions and responsibilities of an “index.php” file: Routing: […]...
  14. Variable Manipulation What best practices I should remember while designing login pages? From login pages, users should be sent to a page for authentication. Once authenticated, the user should be sent to the next page. Passwords should never be sent or saved in clear text (unencrypted) as both are security risks. Sessions can be managed using a […]...
  15. Resource Injection This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application defines a resource type or location based on user input, such as a file name or port number, this data can be manipulated to execute or access different resources. The resource type affected by […]...

To Get Daily Health Newsletter

We don’t spam! Read our privacy policy for more info.

Terms and Conditions of Use
Privacy Policy
Cookie Policy
Editorial Policy
Advertising Policy
EU User Consent Policy
Correction Policy
Citation Policy
Ethics and Logical Policies
About Us
Contact Us
Newsletter
Career
Sitemap
Advertise with us
Editorial Board Members
Review Board Member
Team RxHarun
Web Developers Team
Guest Posts and Sponsored Posts
Request for Board Member
Women Writers
Download Mobile Apps
Follow us on Social Media
© 2012 - 2025; All rights reserved by authors. Powered by Mediarx International LTD, a subsidiary company of Rx Foundation.
RxHarun
Logo